From chd at chud.net Fri Oct 1 00:12:23 2004
From: chd at chud.net (Chris De Young)
Date: Fri Oct 1 00:09:18 2004
Subject: Is it possible to encrypt file symmetrically with 1 (one)
command line?
In-Reply-To: <415C79CD.6000702@bluewin.ch>
References: <415C79CD.6000702@bluewin.ch>
Message-ID: <20040930221223.GR20251@dionysus.chud.net>
On Thu, Sep 30, 2004 at 11:25:33PM +0200, Oleksiy Muzalyev wrote:
> Hi,
>
> When I enter:
> gpg -a -c data.php
>
> gpg asks for the password, I enter it, and it asks to repeat.
>
> Is there something like:
>
> gpg -a -c data.php --password MyPassword
>
> I call from VB2005:
>
> Shell("c:\gnupg\gpg.exe -a -c " & fileToEncrypt, AppWinStyle.NormalFocus)
>
> And console window opens and asks twice for the password.
>
> I would prefer to send the file path and password in one command.
Offhand I don't know of any switches that you can use to pass the
passphrase on the command line, though I might be missing one. If
it's acceptable to store the passphrase in a separate file (probably
no more risky that coding it into a script), you could use:
gpg -a -c --batch --passphrase-fd n filename
which will read the password from file descriptor n. 0 means standard
input, though that's not what you want in the case.
Cheers,
-Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040930/ce501125/attachment.bin
From hmujtaba at forumsys.com Fri Oct 1 01:12:13 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Oct 1 10:10:00 2004
Subject: decryption failed: weak key
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com>
Hi,
I saw this message when decrypting a file encrypted with a 1536 ElGamal
key, 3DES symmetric cipher:
gpg: WARNING: message was encrypted with a weak key in the symmetric
cipher.
gpg: decryption failed: weak key.
Looks like GPG is checking for randomness property of the session key
after decrypting it out of the Public-key Encrypted Session key packet.
Correct? And does the RFC2440 specify how this check should be
performed, i.e is it a MUST have feature?
Thanks,
Hasnain.
From mroth at nessie.de Fri Oct 1 13:52:55 2004
From: mroth at nessie.de (Michael Roth)
Date: Fri Oct 1 13:49:34 2004
Subject: decryption failed: weak key
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com>
Message-ID: <415D4517.60904@nessie.de>
Hasnain Mujtaba wrote:
| I saw this message when decrypting a file encrypted with a 1536
| ElGamal key, 3DES symmetric cipher:
A "weak key" is a special DES property. In DES there are 64 known weak
keys. I think Blowfish has weak keys too.
| gpg: WARNING: message was encrypted with a weak key in the symmetric
| cipher.
| gpg: decryption failed: weak key.
|
| Looks like GPG is checking for randomness property of the session key
| after decrypting it out of the Public-key Encrypted Session key
| packet. Correct?
No. If you take a look in g10/des.c you will find a table containing all
64 known weak keys (search for "weak_key"). If gnupg creates a session
key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
So I guess the message was not encrypted using gnupg? Would be nice to
know which programm created the weak session key.
Please also note: 3DES keys consist effectivly of 3 different DES keys,
but GnuPG complains about weak keys if at least one of these three parts
is a weak key.
cu
Michael Roth
From mujyo at comcast.net Fri Oct 1 14:20:43 2004
From: mujyo at comcast.net (haruki s.)
Date: Fri Oct 1 14:17:48 2004
Subject: Question about FAQ section 7.1
In-Reply-To: <20040924195617.GB13073@jabberwocky.com>
References: <1191732911.20040924121611@comcast.net>
<20040924195617.GB13073@jabberwocky.com>
Message-ID: <747022294.20041001052043@comcast.net>
Thank you Mr. Shaw, Smasher and Williams for your answer(s) and
feedback :^) It was very useful in my first series of mental hurdles
on the path to using GPG.
Is there a wiki for updating the GPG-FAQ? Or perhaps someone working
on update keeping track commits and other less direct changes?
Friday, September 24, 2004, 12:56:17 PM, David Shaw dshaw@jabberwocky.com wrote:
> On Fri, Sep 24, 2004 at 12:16:11PM -0700, mujyo@comcast.net wrote:
>> Hello List :^)
>>
>> In section 7.1 of the FAQ the last paragraph states:
>>
>> "There is a small security glitch in the OpenPGP (and therefore GnuPG)
>> system; to avoid this you should always sign and encrypt a message
>> instead of only encrypting it."
>> ( http://www.gnupg.org/(en)/documentation/faqs.html#q7.1 )
>>
>> I am wondering if this is still the case, and if this means that one
>> should also not use 'conventional' encryption, as the language appears
>> to possibly be saying that as well. And has this 'glitch' been fixed?
> This isn't true any longer. OpenPGP now has the MDC protection. Both
> GnuPG and PGP support it. MDC can be turned off manually, or if you
> encrypt to a key that doesn't support it, it is switched off
> automatically, but in general it is on. GnuPG tries pretty hard to
> use MDC whenever possible. MDC works for conventional encryption
> also.
>> Also, does anyone see any basic problems in encrypting =<700MB files
>> using --recipient (My-Name) --encrypt (File), i.e. encrypting to one's
>> self for files only for yourself. Is it better to encrypt with say
>> TWOFISH, or a Key-pair even though you are only encrypting to
>> yourself.
> No basic problem. Some people like to use --symmetric when encrypting
> to themselves, and some people like to use their public key. It's
> really a matter of taste. I prefer to use my public key so I don't
> have one more passphrase to remember ;)
> David
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
yours,
haruki
----119$&89#jFS-=)(3~`
www.votenader.org
-@$____CARRIER_LOST.------
From amilivojevic at pbl.ca Fri Oct 1 16:40:31 2004
From: amilivojevic at pbl.ca (Aleksandar Milivojevic)
Date: Fri Oct 1 16:33:47 2004
Subject: Is it possible to encrypt file symmetrically with 1
(one) command line?
In-Reply-To: <20040930221223.GR20251@dionysus.chud.net>
References: <415C79CD.6000702@bluewin.ch>
<20040930221223.GR20251@dionysus.chud.net>
Message-ID: <415D6C5F.90902@pbl.ca>
Chris De Young wrote:
> On Thu, Sep 30, 2004 at 11:25:33PM +0200, Oleksiy Muzalyev wrote:
>
>>I call from VB2005:
>>
>>Shell("c:\gnupg\gpg.exe -a -c " & fileToEncrypt, AppWinStyle.NormalFocus)
>>
>>And console window opens and asks twice for the password.
>>
>>I would prefer to send the file path and password in one command.
>
>
> Offhand I don't know of any switches that you can use to pass the
> passphrase on the command line, though I might be missing one. If
> it's acceptable to store the passphrase in a separate file (probably
> no more risky that coding it into a script), you could use:
>
> gpg -a -c --batch --passphrase-fd n filename
>
> which will read the password from file descriptor n. 0 means standard
> input, though that's not what you want in the case.
Hm, why not using 0? I don't know how VB handles redirection of
stdin/stdout between processes, however this works quite well in Perl on
Unix:
#! /usr/bin/perl
$gpg_exe = "gpg";
@gpg_args = ($gpg_exe, "--quiet", "--batch", "--no-tty",
"--passphrase-fd", "0", "-a", "-c", "blah");
open(FH, "|-") || exec @gpg_args or die "Can't execute GnuPG!";
print FH "passpharase\n";
close(FH) or die "Encryption failed!";
What this does is that it starts new gpg process, and ties its standard
input to file handle of parent process (basically it creates a pipe
between two processes). Then it sends the passpharase using this pipe.
Note the newline at the end of passphrase. If this can be ported to
VB on Windows, it *should* work (tm).
P.S.
To prevent this going into the wrong direction, yes I do know that
having passphrase in code is insecure, and yes I do know there are
couple of nice Perl modules for handling GnuPG, and yes I do know this
is not the best way of controlling GnuPG from another process. This was
just illustration, and for simple usage and with few precausions it works.
--
Aleksandar Milivojevic Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
From hmujtaba at forumsys.com Fri Oct 1 20:40:58 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Oct 1 20:38:15 2004
Subject: decryption failed: weak key
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AF@bstn-exch1.forumsys.com>
Hi Michael,
Thank you for the detailed reply. I am just playing around with an open
source OpenPGP implementation. I was debugging a problem with ElGamal
encryption and to rule out entropy problems, I hard-coded the 192-bit
session key with a fixed string of ones instead of reading it from
/dev/random. Interestingly, only GPG catches the weak key, not any of
the other tools I fed the encrypted file to.
Regards,
Hasnain.
-----Original Message-----
From: Michael Roth [mailto:mroth@nessie.de]
Sent: Friday, October 01, 2004 7:53 AM
To: Hasnain Mujtaba
Cc: gnupg-users@gnupg.org
Subject: Re: decryption failed: weak key
Hasnain Mujtaba wrote:
| I saw this message when decrypting a file encrypted with a 1536
| ElGamal key, 3DES symmetric cipher:
A "weak key" is a special DES property. In DES there are 64 known weak
keys. I think Blowfish has weak keys too.
| gpg: WARNING: message was encrypted with a weak key in the symmetric
| cipher.
| gpg: decryption failed: weak key.
|
| Looks like GPG is checking for randomness property of the session key
| after decrypting it out of the Public-key Encrypted Session key
| packet. Correct?
No. If you take a look in g10/des.c you will find a table containing all
64 known weak keys (search for "weak_key"). If gnupg creates a session
key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
So I guess the message was not encrypted using gnupg? Would be nice to
know which programm created the weak session key.
Please also note: 3DES keys consist effectivly of 3 different DES keys,
but GnuPG complains about weak keys if at least one of these three parts
is a weak key.
cu
Michael Roth
From johanw at vulcan.xs4all.nl Fri Oct 1 19:24:28 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri Oct 1 20:58:04 2004
Subject: decryption failed: weak key
In-Reply-To: <415D4517.60904@nessie.de> from Michael Roth at "Oct 1,
2004 01:52:55 pm"
Message-ID: <200410011724.TAA01259@vulcan.xs4all.nl>
Michael Roth wrote:
>No. If you take a look in g10/des.c you will find a table containing all
>64 known weak keys (search for "weak_key"). If gnupg creates a session
>key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
I can understand that it doesn't encrypt to them, but why would it not
decrypt with them? I can't see any security risk in that.
And I too would like to know what application used that weak key. If it
wasn't done deliberately (some implementations allow one to specify the
symmetric key to use) it sounds like a backdoor.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From atom at suspicious.org Fri Oct 1 23:49:18 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Oct 1 23:46:19 2004
Subject: decryption failed: weak key
In-Reply-To: <415D4517.60904@nessie.de>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3AE@bstn-exch1.forumsys.com>
<415D4517.60904@nessie.de>
Message-ID: <20041001174437.N23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
can gpg decrypt it with --expert? how about --override-session-key?
curious... what happens if you use --show-session-key? would you mind
posting the session key? there shouldn't be any harm in posting it, since
we don't have the message. and if we did have the message, by now we know
it's one of a small handful of possible session keys.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"I offer here and now... to swallow an entire glass of PCBs
and run a mile afterward... to be in danger you have got
to take PCBs in quantities steadily over a long period of
time, and probably be pregnant, which I don't intend to be."
-- New York Governor Hugh Carey, 4 Mar 1981
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBXdDkAAoJEAx/d+cTpVciWXsH/1gobns8S8Q5Jl8EOlx+jmuR
zl677YH2EHyTDMIBK2N5cTFhw04QMTBMLODQ22cmyDzgz5PkeBGJoE25UMQqrhP5
7kARRJ3NdFUCSNISxdjqOTTNf3cBdoJGQV5/bgszq1nIvUEcBhi7r5icu2qVHccv
ROt/9nAqwL7rtTsyQQ90sk5dH3YgfircaB0mYoFpDNHxN38xRr04hbh0auhwCsm5
p0s7qtv+5v8ZdUsVtqcWg32MNxtweNZJHlRiDxZ6P3+tBS0xv729oMNUmkMiqLZK
4NbutJQZU45s+QX+VNMFSnRZM90ApTG3tOYJNqq/kLN2Wf8vOkqsOIxkUDr5ri8=
=hQfV
-----END PGP SIGNATURE-----
From atom at suspicious.org Sat Oct 2 08:56:27 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sat Oct 2 08:53:14 2004
Subject: Weaknesses in SHA-1
In-Reply-To: <20040928021550.F94659@willy_wonka>
References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net>
<200409271156.NAA02621@vulcan.xs4all.nl>
<20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com>
<20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com>
<20040928043412.GC9810@jabberwocky.com>
<20040928021550.F94659@willy_wonka>
Message-ID: <20041002025537.Q23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
with all this talk of (allegedly!) weak and broken hashes, i'd like to
throw out a construct to combine 2 or more hashes and (it seems) make the
construct more secure than either one of the hashes independently: take
two or more hashes and XOR them.
if i XOR the output of an SHA-1 and RIPEMD-160 hash, the only way to
"break" the resulting hash would require breaking *both* SHA-1 and
RIPEMD-160.
the same mechanism can apply to more than two hashes as input, but i'm not
enough of a math guy to figure out where is the point of diminishing
return (or if there is such a point). intuitively, it seems (to me) that
if N hashes are used as input, the protocol is secure as long as any one
of the input hashes can not be broken. i'm also not enough of a math guy
to figure out (quantifiably) what would be gained (or lost) by combining
hashes of different sizes, and maybe even truncating the output.
and no, the little voices in my head are not suggesting that this ~should~
be done because the sky is falling... they're just saying that this
~could~ be done, if the general consensus is that the sky will fall. OTOH,
what if some secret agency known by three letters could break some hashes,
but not others....
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The intifada is the Palestinian people's war of national
liberation. We enthusiastically chose to become a
colonialist society, ignoring international treaties,
expropriating lands, transferring settlers from Israel
to the occupied territories, engaging in theft and
finding justification for all these activities... we
established an apartheid regime."
-- Michael Ben-Yair, Israel's attorney general, 1993-1996
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBXlEhAAoJEAx/d+cTpVciSakH/jpZkHdKceNAHu0z92GHijZf
uqYbJlF49v9ZWf41/nVuL5U1IBcVvlelhmfhzoxmncWZM/5RT1loFNZhuTezvfke
kERGvyclJCtlikPS4WyoBwYfsvvP5nEN6MqToA8Sn8DLBdPuNy7CdW7AlyME1rkN
RGzTO7aJDKdq4yJicERVeopd5yCsqj68Y5jsukPg2RL1A7SiCY6gBqBBb5VBFtZK
nIMPPGIdJn1jvLErGc0L+AP+L+CNtKKQIPX0jBquXH2Fmyvq+GTOwJl20GbZxSRK
ST4IDJrjBt3hUMsGK2ZyN0/gBEnx6enQxki9i3iLpNfIXpaXbsmsKZNnbL6wm7o=
=DrnD
-----END PGP SIGNATURE-----
From thomas at northernsecurity.net Sat Oct 2 10:46:40 2004
From: thomas at northernsecurity.net (Thomas =?iso-8859-1?Q?Sj=F6gren?=)
Date: Sat Oct 2 10:43:25 2004
Subject: Weaknesses in SHA-1
In-Reply-To: <20041002025537.Q23687@willy_wonka>
References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net>
<200409271156.NAA02621@vulcan.xs4all.nl>
<20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com>
<20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com>
<20040928043412.GC9810@jabberwocky.com>
<20040928021550.F94659@willy_wonka>
<20041002025537.Q23687@willy_wonka>
Message-ID: <20041002084639.GB7703@northernsecurity.net>
On Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote:
> with all this talk of (allegedly!) weak and broken hashes, i'd like to
> throw out a construct to combine 2 or more hashes and (it seems) make the
> construct more secure than either one of the hashes independently: take
> two or more hashes and XOR them.
And this creates what? Neither a sha1 or ripemed verification is
possible.
r = H(H(M))
or
H' = H(M)
H' -> H1,H2
H" = H(H1 xor H2)
r = H(H")
seems to me are better options, the first obviously faster than the
second.
the security improvements? none i guess if you're using anything else
than md5 or sha{0,1}.
/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041002/d74f8ac5/attachment.bin
From dshaw at jabberwocky.com Sat Oct 2 15:47:23 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Oct 2 16:04:48 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
Message-ID: <20041002134723.GB15332@jabberwocky.com>
Hello!
The latest release from the development branch of GnuPG is ready for
public consumption. This is a branch to create what will very soon
become GnuPG 1.4. As the version jump from 1.3.6 to 1.3.90 indicates,
the 1.4 release is expected soon. We encourage people to try this
development release and report any feedback or problems to
gnupg-devel@gnupg.org.
As always, note that while this code is stable enough for many uses,
it is still the development branch. Mission-critical applications
should use the 1.2.x stable branch.
The files are available from:
Gzipped:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz (3.6M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.gz.sig
Bzip2ed:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2 (2.5M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90.tar.bz2.sig
MD5 checksums for the files are:
c3f1a4b5134ad15aae5f93897c8294fa gnupg-1.3.90.tar.bz2
767cf77145ea4ce0df3b2ca6e86ce0a9 gnupg-1.3.90.tar.bz2.sig
e3f8d36309bd63f05bae3b7371bcb994 gnupg-1.3.90.tar.gz
32a4376ae5a7a5b548bacd4d3a14816a gnupg-1.3.90.tar.gz.sig
Noteworthy changes in version 1.3.90 (2004-10-01)
-------------------------------------------------
* Readline support at all prompts is now available if the systems
provides a readline library. The build time option
--without-readline may be used to disable this feature.
* Support for the OpenPGP smartcard is now enabled by default.
Use the option --disable-card-support to build without support
for smartcards.
* New command "addcardkey" in the key edit menu to add subkeys to
a smartcard. New command "keytocard" to transfer a key to a
smartcard.
The serial number of the card is show in secret key listings.
* -K may now be used as an alias for --list-secret-keys.
* HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct
access.
Enjoy!
The GnuPG team (David, Stefan, Timo and Werner)
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From johanw at vulcan.xs4all.nl Sun Oct 3 01:14:23 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Sun Oct 3 01:10:52 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <20041002134723.GB15332@jabberwocky.com> from David Shaw at "Oct
2, 2004 09:47:23 am"
Message-ID: <200410022314.BAA10947@vulcan.xs4all.nl>
David Shaw wrote:
>The latest release from the development branch of GnuPG is ready for
>public consumption.
I tested 1.3.90 on my old libc5 based Linux system and it compiles and
works fine. Passes all tests and compatibility with pgp 2.6 is OK.
I'll try it tomorrow on my Slackware 10 system.
BTW, my buildscript containes the option --enable-tiger; I was surprised
to see that the 1.3.90 configure script didn't barf on it but silently
ignored it.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From shavital at mac.com Sun Oct 3 01:15:38 2004
From: shavital at mac.com (Charly Avital)
Date: Sun Oct 3 01:12:52 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <20041002134723.GB15332@jabberwocky.com>
References: <20041002134723.GB15332@jabberwocky.com>
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
built on MacOS X (10.3.5) PowerPC 750 (1.12) Darwin 7.5.0, with idea.c.
No compiling problems, no usage problems.
As usual, thanks for your work, and hoping 1.4 will also build as
easily under oncoming MacOS X codename Tiger (10.4).
Charly
On Oct 2, 2004, at 9:47 AM, David Shaw wrote:
> Hello!
>
> The latest release from the development branch of GnuPG is ready for
> public consumption. This is a branch to create what will very soon
> become GnuPG 1.4. As the version jump from 1.3.6 to 1.3.90 indicates,
> the 1.4 release is expected soon. We encourage people to try this
> development release and report any feedback or problems to
> gnupg-devel@gnupg.org.
>
> As always, note that while this code is stable enough for many uses,
> it is still the development branch. Mission-critical applications
> should use the 1.2.x stable branch.
>
> The files are available from:
>
> [...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (Darwin)
iD8DBQFBXzan8SG5rMkbCF4RAoR9AKCNMViU0kWpwu80hnwGC9dLZotUrwCfahYv
5CBHBjtsQ0XE+DUgZ0PBsUs=
=aCDe
-----END PGP SIGNATURE-----
From shatadal at vfemail.net Sun Oct 3 01:29:16 2004
From: shatadal at vfemail.net (shatadal@vfemail.net)
Date: Sun Oct 3 01:25:57 2004
Subject: Implications of using insecure memory
Message-ID: <1096759756.b90348978578b@www.vfemail.net>
Hi,
I am a new user of gnupg. I use gnupg on my windows laptop and linux desktop.
Thie first time I tried to run gpg on linux as a user I got the insecure memory
warning:
"gpg: WARNING: using insecure memory!"
On reading the faq I read
"On some systems (e.g., Windows) GnuPG does not lock memory pages and older
GnuPG versions (<=1.0.4) issue the warning:
gpg: Please note that you don't have secure memory
This warning can't be switched off by the above option because it was thought to
be too serious an issue. However, it confused users too much, so the warning
was eventually removed"
As a new user I want to know what are the implications of using gpg with
insecure memory in windows and linux, how serious are they and what steps can I
take to improve security? Does insecure memory mean that I should not use gpg
on sych systems?
Thanks,
Shatadal.
-------------------------------------------------
This mail sent through Virus Free Email
http://www.vfemail.net
From dshaw at jabberwocky.com Sun Oct 3 01:48:50 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Oct 3 01:45:38 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <200410022314.BAA10947@vulcan.xs4all.nl>
References: <20041002134723.GB15332@jabberwocky.com>
<200410022314.BAA10947@vulcan.xs4all.nl>
Message-ID: <20041002234849.GE15332@jabberwocky.com>
On Sun, Oct 03, 2004 at 01:14:23AM +0200, Johan Wevers wrote:
> David Shaw wrote:
>
> >The latest release from the development branch of GnuPG is ready for
> >public consumption.
>
> I tested 1.3.90 on my old libc5 based Linux system and it compiles and
> works fine. Passes all tests and compatibility with pgp 2.6 is OK.
> I'll try it tomorrow on my Slackware 10 system.
>
> BTW, my buildscript containes the option --enable-tiger; I was surprised
> to see that the 1.3.90 configure script didn't barf on it but silently
> ignored it.
This is an autoconf thing, not a GnuPG thing. Configure scripts allow
any options, legal or not.
David
From atom at suspicious.org Sun Oct 3 05:14:32 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sun Oct 3 05:11:32 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096759756.b90348978578b@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
Message-ID: <20041002230902.T23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, 2 Oct 2004 shatadal@vfemail.net wrote:
> As a new user I want to know what are the implications of using gpg with
> insecure memory in windows and linux, how serious are they and what
> steps can I take to improve security? Does insecure memory mean that I
> should not use gpg on sych systems?
=================
it means that sensitive information, such as a passphrase or secret key
*might* be written to a disk swap space. if that happens, and someone
stole your HD, they could search the disk and maybe find something that
could compromise your key.
i dunno about windoze, but on *nix you can solve this by setuid-ing the
gpg binary... that would force it to only use secure memory (RAM) and not
write to disk swap.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Microsoft shouldn't be broken up. It should be shut down."
-- Bruce Schneier, 15 May 2000
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBX26dAAoJEAx/d+cTpVcikMwIAKed2kI0PgpxvWUc2OsTKMHg
iSK7aLRDHPcyBCCpr7wIOkujN5xlNQdCCyWNY/gzLLb1Vl7YzDLRWcMKH/Gt47kK
chl3iqCNtz8xIveUvR9UITCkIVzmlmVkSpAkxwpSR67vHR2b1aVrWruv4gyNYlly
2vEECFQBiG9jYaoyVlQqd+neqEqJoT/gISVqfx7RJLXCFAxuBTKHKg9aHc9InuoY
FCo2VHExwPzwQBfJ7i6wHvTCnhaq5tfZNJhZRsvB1t3nrNRzWE4nIi26cwmlUiWo
DuoqQP4YfeftlNtr5UZ/jGG/MOVMHY5hzZH+p5HOvMfx2xTdUIK2xibJAB8aOiw=
=QzL/
-----END PGP SIGNATURE-----
From ajaja at mail.ru Sun Oct 3 18:57:22 2004
From: ajaja at mail.ru (Alex Moroz)
Date: Sun Oct 3 18:53:30 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <20041002134723.GB15332@jabberwocky.com>
References: <20041002134723.GB15332@jabberwocky.com>
Message-ID: <899506412.20041003195722@mail.ru>
Hello!
I have a strange problem in my Mingw32 (GCC 3.4.2) build of GnuPG
v1.3.90. An 'updpref' command not function. The programm crashes.
GnuPG v1.3.6 build was OK.
Hope for your help.
--
Best regards,
Alex. mailto:ajaja@mail.ru
From pt at radvis.nu Sun Oct 3 20:09:33 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Sun Oct 3 20:05:41 2004
Subject: Weaknesses in SHA-1
In-Reply-To: <20041002084639.GB7703@northernsecurity.net>
References: <3.0.5.32.20040922204843.012ffbe8@popc.ipa.net>
<200409271156.NAA02621@vulcan.xs4all.nl>
<20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com>
<20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com>
<20040928043412.GC9810@jabberwocky.com>
<20040928021550.F94659@willy_wonka>
<20041002025537.Q23687@willy_wonka>
<20041002084639.GB7703@northernsecurity.net>
Message-ID: <6.1.2.0.2.20041003200736.02d14060@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 10:46 2004-10-02, you wrote:
>``--------------------------------------------------------------------
>---On
>Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote:
>> with all this talk of (allegedly!) weak and broken hashes, i'd like
>> to
>> throw out a construct to combine 2 or more hashes and (it seems)
>> make the
>> construct more secure than either one of the hashes independently:
>> take
>> two or more hashes and XOR them.
>
>And this creates what? Neither a sha1 or ripemed verification is
>possible.
>
>r = H(H(M))
>
>or
>
>H' = H(M)
>H' -> H1,H2
>H" = H(H1 xor H2)
>r = H(H")
>
>seems to me are better options, the first obviously faster than the
>second.
>the security improvements? none i guess if you're using anything else
>than md5 or sha{0,1}.
>
>/Thomas
>--
Would you please supply a legend? I cannot interpret your mail.
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFBYEBWaDDfzFT+2PIRAivPAJ4vsL6smPnIpNi3JtVEBj1Ji6xv9gCgmx4x
xCf8H59B9DqrK6rlvAaRXAc=
=TaZ4
-----END PGP SIGNATURE-----
From thomas at northernsecurity.net Sun Oct 3 20:32:57 2004
From: thomas at northernsecurity.net (Thomas =?iso-8859-1?Q?Sj=F6gren?=)
Date: Sun Oct 3 20:29:37 2004
Subject: Weaknesses in SHA-1
In-Reply-To: <6.1.2.0.2.20041003200736.02d14060@localhost>
References: <200409271156.NAA02621@vulcan.xs4all.nl>
<20040927144930.GB5523__7534.50141423873$1096297653$gmane$org@jabberwocky.com>
<20040927200700.GA8139__40965.5465315611$1096315808$gmane$org@jabberwocky.com>
<20040928043412.GC9810@jabberwocky.com>
<20040928021550.F94659@willy_wonka>
<20041002025537.Q23687@willy_wonka>
<20041002084639.GB7703@northernsecurity.net>
<6.1.2.0.2.20041003200736.02d14060@localhost>
Message-ID: <20041003183256.GA4647@northernsecurity.net>
On Sun, Oct 03, 2004 at 08:09:33PM +0200, Per Tunedal Casual wrote:
> >r = H(H(M))
> >
> >or
> >
> >H' = H(M)
> >H' -> H1,H2
> >H" = H(H1 xor H2)
> >r = H(H")
> Would you please supply a legend? I cannot interpret your mail.
r = H(M) means result of Hash of message M
H' and H" are hash number one and two
H' -> H1,H2 means that you should split hash number one into two parts
/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041003/01975d13/attachment.bin
From ajaja at mail.ru Sun Oct 3 20:46:24 2004
From: ajaja at mail.ru (Alex Moroz)
Date: Sun Oct 3 20:43:24 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <899506412.20041003195722@mail.ru>
References: <20041002134723.GB15332@jabberwocky.com>
<899506412.20041003195722@mail.ru>
Message-ID: <1179620959.20041003214624@mail.ru>
Hello!
M> I have a strange problem in my Mingw32 (GCC 3.4.2) build of GnuPG
AM> v1.3.90. An 'updpref' command not function. The programm crashes.
AM> GnuPG v1.3.6 build was OK.
I commented line 1750 in g10/keyedit.c:
//show_prefs(temp,NULL,1))
and crash disappeared.
Why NULL? There is access to variable 'selfsig' (second param in
show_prefs) in this function (line 1974 of keyedit.c):
pref_ks=parse_sig_subpkt(selfsig->hashed, SIGSUBPKT_PREF_KS,&pref_ks_len);
^^^^^^^^^^^^^^^^
--
Best regards,
Alex. mailto:ajaja@mail.ru
From jharris at widomaker.com Mon Oct 4 01:51:25 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Oct 4 01:48:19 2004
Subject: new (2004-10-03) keyanalyze results (+sigcheck)
Message-ID: <20041003235125.GD1671@p5.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2004-10-03/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
79053a2e03edf6a3324dfa4b46fcc0177e77fd17 10589904 preprocess.keys
e8f443573ea05db4908831ed35cb98c3140a6105 6897803 othersets.txt
f5c7d37d71fd64f32f484000e41eaab8601df629 2710276 msd-sorted.txt
b0f152cbac2bff77aeed70a933fec6d7ac3e7b71 1484 index.html
e56b83ea3068d7f87929aeef1fa029894423a948 2289 keyring_stats
d11170fd0d7ebc6076133edeb19188ad8d84ab09 1065474 msd-sorted.txt.bz2
7cd126c4506db42334171656926237e52ddde0e8 26 other.txt
ca08c537ae0cf6f3f359a28d30068a12eb33532a 1475388 othersets.txt.bz2
c904a97529bc45bc2880c959f3687c75d52df65a 4283158 preprocess.keys.bz2
f3d4b34d47ef12eec50507a9b192aebc63673950 10337 status.txt
2a53a143745e4ce8684a401678b6e13ebe47dcfd 211461 top1000table.html
0ae77abf029a97c9790ed0c3452217081cb9c487 30495 top1000table.html.gz
8e0e4496414bfb03500b8e23ea32480628798e82 10983 top50table.html
4b20fcf198dbb5f08dcdebec0da9bcd02f4dc4b1 2579 D3/D39DA0E3
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041003/69338fed/attachment.bin
From dshaw at jabberwocky.com Mon Oct 4 03:18:49 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Oct 4 03:15:34 2004
Subject: updpref problem
In-Reply-To: <899506412.20041003195722@mail.ru>
References: <20041002134723.GB15332@jabberwocky.com>
<899506412.20041003195722@mail.ru>
Message-ID: <20041004011849.GA10860@jabberwocky.com>
Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20041003/5cc9a065/attachment-0001.bin
From shatadal at vfemail.net Mon Oct 4 04:56:32 2004
From: shatadal at vfemail.net (shatadal@vfemail.net)
Date: Mon Oct 4 04:53:12 2004
Subject: Implications of using insecure memory
In-Reply-To: <20041002230902.T23687@willy_wonka>
References: <1096759756.b90348978578b@www.vfemail.net>
<20041002230902.T23687@willy_wonka>
Message-ID: <1096858592.02c913acc4ea0@www.vfemail.net>
Quoting Atom 'Smasher' :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Sat, 2 Oct 2004 shatadal@vfemail.net wrote:
>
> > As a new user I want to know what are the implications of using gpg with
> > insecure memory in windows and linux, how serious are they and what
> > steps can I take to improve security? Does insecure memory mean that I
> > should not use gpg on sych systems?
> =================
>
> it means that sensitive information, such as a passphrase or secret key
> *might* be written to a disk swap space. if that happens, and someone
> stole your HD, they could search the disk and maybe find something that
> could compromise your key.
>
> i dunno about windoze, but on *nix you can solve this by setuid-ing the
> gpg binary... that would force it to only use secure memory (RAM) and not
> write to disk swap.
>
>
> ...atom
I use windows. Does that mean that I should not use gpg on windows? Or should I
install some utility to wipe the disc swap space and use it every time after I
have used gpg? Could you point me to any program which does this?
-------------------------------------------------
This mail sent through Virus Free Email
http://www.vfemail.net
From atom at suspicious.org Mon Oct 4 05:00:29 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Oct 4 04:57:16 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096858592.02c913acc4ea0@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<20041002230902.T23687@willy_wonka>
<1096858592.02c913acc4ea0@www.vfemail.net>
Message-ID: <20041003225826.T23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, 3 Oct 2004 shatadal@vfemail.net wrote:
> I use windows. Does that mean that I should not use gpg on windows? Or
> should I install some utility to wipe the disc swap space and use it
> every time after I have used gpg? Could you point me to any program
> which does this?
========================
if you're concerned about security, you should consider getting rid of
windoze (IMHO).
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Our enemies are innovative and resourceful, and so
are we. They never stop thinking about new ways to
harm our country and our people, and neither do we"
-- George "dubya" Bush, 5 Aug 2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYLzVAAoJEAx/d+cTpVciDUEH/iKbfPkCLRpPJd8EvJPkcUPj
qfo7eg+vARbfSYPXc/B8TFsuP3opT/b2mge/G5/sWQTgtKkRi6x0COpp0bbkeZsM
OT82Iqc4ENf67e6DS41TKVSmFLkEUYFTAujGdCJi4APLcKVto0xuX4qtDAC6Sosp
iSL5Mzjf/WC8e19wjGDszOERfy2fSnSRwZ7/nNhTaMpL3tTqPbhqClXeV1E9828S
jsw5LU0xGTuxFsvVs1ZtuwxogjjxVSn7/3P5HWaSM5QoUSpSeVTMhCj6Y5ZB5hpz
jf1RyviuMy8M2UmOsd9sZLNj0brRzM476wJGD74HIQtGlbJQJXdC3AHa+NwsI1E=
=G5TB
-----END PGP SIGNATURE-----
From skquinn at xevious.kicks-ass.net Mon Oct 4 07:50:37 2004
From: skquinn at xevious.kicks-ass.net (Shawn K. Quinn)
Date: Mon Oct 4 08:49:23 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096759756.b90348978578b@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
Message-ID: <200410040050.50072.skquinn@xevious.kicks-ass.net>
On Saturday 02 October 2004 18:29, shatadal@vfemail.net wrote:
> Hi,
>
> I am a new user of gnupg. I use gnupg on my windows laptop and linux
> desktop. Thie first time I tried to run gpg on linux as a user I got
> the insecure memory warning:
>
> "gpg: WARNING: using insecure memory!"
>
> On reading the faq I read
>
> "On some systems (e.g., Windows) GnuPG does not lock memory pages and
> older GnuPG versions (<=1.0.4) issue the warning:
>
> gpg: Please note that you don't have secure memory
>
> This warning can't be switched off by the above option because it was
> thought to be too serious an issue. However, it confused users too
> much, so the warning was eventually removed"
>
> As a new user I want to know what are the implications of using gpg
> with insecure memory in windows and linux, how serious are they and
> what steps can I take to improve security? Does insecure memory mean
> that I should not use gpg on sych systems?
The security risks from using Windows are such that I would be very
leery of relying on an encryption application to provide any security
on a Windows computer.
As far as GNU/Linux, it's simple to get rid of this warning, you can
simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running
setuid root and drop privileges).
--
Shawn K. Quinn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041004/f597bfb9/attachment.bin
From anibalrojas at gmail.com Mon Oct 4 12:30:09 2004
From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=)
Date: Mon Oct 4 12:26:55 2004
Subject: Special characters in passphrase not being recognized
Message-ID:
Hi, I am complety new to GnuPG, currently I am playing with version
1.2.1. With "Windows Privacy Tools" I managed to create a key where
the passprhase contains special characters (accented characters and so
on), when I do my tests using WPT everything works ok, but when I use
gpg.exe (Windows 2K) it just doesn't recognize my passphrase.
I hace done many tests changin the passphrase (through WPT) to include
and excluse special characters, and the behavios looks consistent.
There is no CAPS LOCK problem, etc.
I have searched through the lists messages, faqs, etc. But I havent
found anything useful.
--
An?bal Rojas
anibalrojas@gmail.com
From shatadal at vfemail.net Mon Oct 4 19:11:17 2004
From: shatadal at vfemail.net (shatadal@vfemail.net)
Date: Mon Oct 4 19:07:59 2004
Subject: Implications of using insecure memory
In-Reply-To: <200410040050.50072.skquinn@xevious.kicks-ass.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
Message-ID: <1096909877.46596568892d5@www.vfemail.net>
Quoting "Shawn K. Quinn" :
> On Saturday 02 October 2004 18:29, shatadal@vfemail.net wrote:
> > Hi,
> >
> > I am a new user of gnupg. I use gnupg on my windows laptop and linux
> > desktop. Thie first time I tried to run gpg on linux as a user I got
> > the insecure memory warning:
> >
> > "gpg: WARNING: using insecure memory!"
> >
> > On reading the faq I read
> >
> > "On some systems (e.g., Windows) GnuPG does not lock memory pages and
> > older GnuPG versions (<=1.0.4) issue the warning:
> >
> > gpg: Please note that you don't have secure memory
> >
> > This warning can't be switched off by the above option because it was
> > thought to be too serious an issue. However, it confused users too
> > much, so the warning was eventually removed"
> >
> > As a new user I want to know what are the implications of using gpg
> > with insecure memory in windows and linux, how serious are they and
> > what steps can I take to improve security? Does insecure memory mean
> > that I should not use gpg on sych systems?
>
> The security risks from using Windows are such that I would be very
> leery of relying on an encryption application to provide any security
> on a Windows computer.
>
> As far as GNU/Linux, it's simple to get rid of this warning, you can
> simply run "chmod u+s `which gpg`" (GnuPG will detect that it's running
> setuid root and drop privileges).
Another poster also talked about getting rid of windows. However I do need to
run windows from time to time. Also I do not have root access on my linux
machine (it is used at work). So does that mean that gpg is not for me? Or is
there anything available which could erase the swap space anytime I want? I
just looked around in the M$ knowledgebase and it has a workaround to clear the
pagefile at shutdown. Is that a useful compromise?
>
> --
> Shawn K. Quinn
>
-------------------------------------------------
This mail sent through Virus Free Email
http://www.vfemail.net
From twoaday at freakmail.de Mon Oct 4 19:37:30 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Mon Oct 4 19:38:46 2004
Subject: Special characters in passphrase not being recognized
In-Reply-To:
References:
Message-ID: <20041004173730.GA16785@daredevil.joesixpack.net>
On Mon Oct 04 2004; 06:30, An?bal Rojas wrote:
> 1.2.1. With "Windows Privacy Tools" I managed to create a key where
> the passprhase contains special characters (accented characters and so
> on), when I do my tests using WPT everything works ok, but when I use
In earlier versions of WinPT the UTF-8 support was broken. It is still
not complete but WinPT 0.9.12 has a workaround for this.
Timo
--
Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org)
WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html)
From malte.gell at gmx.de Mon Oct 4 19:49:13 2004
From: malte.gell at gmx.de (Malte Gell)
Date: Mon Oct 4 19:46:22 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096858592.02c913acc4ea0@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<20041002230902.T23687@willy_wonka>
<1096858592.02c913acc4ea0@www.vfemail.net>
Message-ID: <200410041949.13589.malte.gell@gmx.de>
On Monday 04 October 2004 04:56, shatadal@vfemail.net wrote:
> Quoting Atom 'Smasher' :
[...]
> > i dunno about windoze, but on *nix you can solve this by setuid-ing
> > the gpg binary... that would force it to only use secure memory
> > (RAM) and not write to disk swap.
>
> I use windows. Does that mean that I should not use gpg on windows?
> Or should I install some utility to wipe the disc swap space and use
> it every time after I have used gpg? Could you point me to any
> program which does this?
You can tell Windows to clean the swap file with a simple registry
entry, see
http://www.winguides.com/registry/display.php/244/
But this is really only a minor issue concerning the severe
vulnerabilities that emerged over the last few years.
Malte
From amilivojevic at pbl.ca Mon Oct 4 20:27:56 2004
From: amilivojevic at pbl.ca (Aleksandar Milivojevic)
Date: Mon Oct 4 20:20:48 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096909877.46596568892d5@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net> <200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
Message-ID: <4161962C.3020503@pbl.ca>
shatadal@vfemail.net wrote:
> Another poster also talked about getting rid of windows. However I do need to
> run windows from time to time. Also I do not have root access on my linux
> machine (it is used at work). So does that mean that gpg is not for me? Or is
> there anything available which could erase the swap space anytime I want? I
> just looked around in the M$ knowledgebase and it has a workaround to clear the
> pagefile at shutdown. Is that a useful compromise?
For Linux box, you can ask your sysadmin to install gpg with setuid bit set.
For Windows and erasing the swap space, it depends on what it actually
does (I'm not an Windows expert). If the file is simply "deleted" from
the disk and recreated on next boot, nope it is not sufficient (blocks
where the data is will be unalocated, but data on them will be intact
until something else writes to that part of the disk). On the other
hand if it overwrites the content of swap file with zeros (or does
something similar), than you are kinda safe. It won't stop inteligence
agency from recovering the data (see my previous reply), but it will
stop almost anybody else. So, unless somebody can make millions $$$ out
of your data, most likely nobody will bother to recover it.
If after setting that registry setting time to shutdown machine becomes
much longer, than it is most likely doing the right thing. Although,
while machine is running, anything with access to swap file can read
information from it. So it is not ideal solution. It is kind of in the
middle.
If shutdown time stays almost the same, than it is simply removing the
file (marking file as deleted), which does not give you any more
security. In that case setting that registry entry is pointless.
--
Aleksandar Milivojevic Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
From atom at suspicious.org Mon Oct 4 21:35:14 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Oct 4 21:32:25 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096909877.46596568892d5@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
Message-ID: <20041004152916.A23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, 4 Oct 2004 shatadal@vfemail.net wrote:
> Another poster also talked about getting rid of windows. However I do
> need to run windows from time to time. Also I do not have root access on
> my linux machine (it is used at work). So does that mean that gpg is not
> for me?
==============
it's not that gpg isn't secure on windoze; it that *nothing* can be made
secure in windoze.
if you have a need to use pgp, GnuPG is great, but like any application it
can't overcome deficiencies in the OS. use what you need to use, but if
security (and/or reliability) is non-trivial you'll need to start using
*nix or maybe mac-os.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Destroy the family, and the society will collapse."
-- Vladimir Lenin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYaX4AAoJEAx/d+cTpVciru0H/3Rz5ceU6F/7lN9h2OGUQmr0
poXpHQrvd9Y17ZV4X41G0JtjwklQE1V0ovloqwRVG1kqK5FX+aRevH81BQ3ezKby
yfpX8sQw0bVJch15zQ/Mw2RP369aMmjLP1tWOki6QL2NoRd4EDULvEgfHlZkN0ft
YJs/YaLsiLzRZ8dSbvVGLw/ybZWCjEO3k1qNkZPip74riHM/Mt5RFUGNEeu7JMoh
blZGmVMAaOAMhz4ySJd8HHYmvf8/0xVO8ImP0XQD6SNnT70qeOyApxJyqSjGcMND
dq4hUJBhujZUnz3lwFIIXuCHzdDNZpf627UAkofoJZ6P3Wu6hcLWGRTaxemCoE8=
=7zGY
-----END PGP SIGNATURE-----
From atom at suspicious.org Mon Oct 4 21:46:10 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Oct 4 21:42:55 2004
Subject: Implications of using insecure memory
In-Reply-To: <4161962C.3020503@pbl.ca>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
<4161962C.3020503@pbl.ca>
Message-ID: <20041004153936.Y23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, 4 Oct 2004, Aleksandar Milivojevic wrote:
> For Linux box, you can ask your sysadmin to install gpg with setuid bit
> set.
==================
supplying a password to *any* application being run on a box that isn't
under your direct administrative and physical control is a risk, and
shouldn't be overlooked. however, it pales in comparison to using pgp/gpg
on windows.
in the case above, if we assume that the sysadmin is doing his job of
keeping the computer secure, then the sysadmin is the only one who could
compromise your key: this can be done with a trojan binary or just reading
physical memory. with windoze, any half-wit script-kiddie or international
data crook can get your key.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Sure, it's going to kill a lot of people,
but they may be dying of something else anyway."
-- Othal Brand,
member of a Texas pesticide review board,
comments on Chlordane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYaiIAAoJEAx/d+cTpVcizhIIAINQd09nYxVgDY7bbHBRwhf4
nw8c7aJDSdQwqummti9nhknSF7TdsNGt4ei8oCq9k0eCfebEUZbqZZSA97WVJ4+K
0YqCsiQdEQucnLLZKnx203ft/G2uLVNANov43RpQbOf8pJ6Ir2BnxVAOHa3S5dq1
QSCqYSN/Wo+r5sIxEHNqN8HmsHvpIqi6RLlETm6J7xxVCqNLIbuUMF6u8TiU4A/m
dH6BwVs+7GM+NQGbAxfQ4rQY0IBMu8hOCcpwUl99BHpXVvLNCX2BDadziUcyawZF
Oi4oMQ0cIp3gtUCwBWSUjbbZdc0DvmVl+sKcQmcEYd+iOXU5EhAmutqMPyNjKEM=
=x5GQ
-----END PGP SIGNATURE-----
From ebenze at hotmail.com Mon Oct 4 20:31:31 2004
From: ebenze at hotmail.com (Eric B.)
Date: Mon Oct 4 22:36:59 2004
Subject: Encrypting / decrypting without importing keys?
Message-ID:
Hi,
I'm new to GnuPG and was wondering if it was possible to encrypt and/or
decrypt without needing to first import the keys into gpg. I'm looking to
use gpg to encrypt data from a web page, where the user specifies the public
key to encrypt data, and then eventually a private key to decrypt it.
Additionally, is there anyway I can specify the keys to use as coming from
standard in or standard out instead of being file based?
Thanks!
Eric
From ml at bitfalle.org Tue Oct 5 00:42:20 2004
From: ml at bitfalle.org (markus reichelt)
Date: Mon Oct 4 22:40:18 2004
Subject: [Announce] GnuPG 1.3.90 released (development)
In-Reply-To: <200410022314.BAA10947@vulcan.xs4all.nl>
References: <20041002134723.GB15332@jabberwocky.com>
<200410022314.BAA10947@vulcan.xs4all.nl>
Message-ID: <20041004224220.GA4820@dantooine>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Johan Wevers wrote:
> I tested 1.3.90 on my old libc5 based Linux system and it compiles and
> works fine. Passes all tests and compatibility with pgp 2.6 is OK.
> I'll try it tomorrow on my Slackware 10 system.
it compiles just fine on my slack 10, make check produces no errors
- --
Bastard Administrator in $hell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBYdHMLMyTO8Kj/uQRAoZ5AJ9RROJ+H1ag2TBe+cjDKQ4AxtmkZQCgjG9s
op3G5ZSvGoKQNljLaEaBl28=
=pPfB
-----END PGP SIGNATURE-----
From anibalrojas at gmail.com Mon Oct 4 22:48:30 2004
From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=)
Date: Mon Oct 4 22:45:26 2004
Subject: Special characters in passphrase not being recognized
In-Reply-To: <20041004173730.GA16785@daredevil.joesixpack.net>
References:
<20041004173730.GA16785@daredevil.joesixpack.net>
Message-ID:
But I have no proble using WPT, the problem arises when I use gpg.exe
via the DOS console, I suppose it is related to the encoding but I use
the DOS window with special characters without any other problem.
On Mon, 4 Oct 2004 19:37:30 +0200, Timo Schulz wrote:
> On Mon Oct 04 2004; 06:30, An?bal Rojas wrote:
>
> > 1.2.1. With "Windows Privacy Tools" I managed to create a key where
> > the passprhase contains special characters (accented characters and so
> > on), when I do my tests using WPT everything works ok, but when I use
>
> In earlier versions of WinPT the UTF-8 support was broken. It is still
> not complete but WinPT 0.9.12 has a workaround for this.
>
> Timo
>
> --
> Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org)
> WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html)
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
An?bal Rojas
anibalrojas@gmail.com
From atom at suspicious.org Mon Oct 4 22:57:11 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Mon Oct 4 22:54:04 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To:
References:
Message-ID: <20041004164637.K23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> I'm new to GnuPG and was wondering if it was possible to encrypt and/or
> decrypt without needing to first import the keys into gpg. I'm looking
> to use gpg to encrypt data from a web page, where the user specifies the
> public key to encrypt data, and then eventually a private key to decrypt
> it.
>
> Additionally, is there anyway I can specify the keys to use as coming
> from standard in or standard out instead of being file based?
====================
you can save a key into a file and use something like:
gpg --no-default-keyring --keyring key-file --trust-model always -ear user
this hack allows an encryption key to be used without importing it. how to
convert an ascii key into a binary key is an exercise i leave to the
reader; it isn't that hard to do but an ascii key won't work.
also, see if does most
of what you need. it sounds like you'd have to tweak this, but the major
work is done.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The sum of intelligence on the planet is a constant.
The population is increasing."
-- Cole's Axiom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYbktAAoJEAx/d+cTpVciVQgIAIL78J59FUKQMp0TORZ8e3NC
N2GGnZpDCX2l4QM5FxUYB1jbc/QSPRAZUAUwFTEX1ysqHa651GpMJqcEvya02T45
zqRLOBlANfu3vgNU9h/1hJXCB0ynZQkldPcr/2RdBDX9vm5Tik/c9od71nNgJcph
GQU29c5ZTG+jcBM7GPkr/MTnns7b/+ttJjO6yOLD7s5iEqbnEmIfp8cKLMbRMcLD
+i7al0wTtN76aH+4vHkZUUyLv8aksGvfx6LtafelyV2syjPGf/a+7g9r9V0wCes5
gr3VLWq9Wo/P4gKriSS25a6HwCoIfiDjc3/6XKbk/1MJcSuxyLOLgjy8E/1Xqm4=
=Y7x3
-----END PGP SIGNATURE-----
From chd at chud.net Mon Oct 4 23:53:05 2004
From: chd at chud.net (Chris De Young)
Date: Mon Oct 4 23:49:42 2004
Subject: Implications of using insecure memory
In-Reply-To: <20041004152916.A23687@willy_wonka>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
<20041004152916.A23687@willy_wonka>
Message-ID: <20041004215305.GF994@dionysus.chud.net>
> it's not that gpg isn't secure on windoze; it that *nothing* can be made
> secure in windoze.
>
> if you have a need to use pgp, GnuPG is great, but like any application it
> can't overcome deficiencies in the OS. use what you need to use, but if
> security (and/or reliability) is non-trivial you'll need to start using
> *nix or maybe mac-os.
One thing to note in passing is that most of this worry applies to
cases where other people besides you also have access to your windows
box. If the box itself is physically secure and you're mostly worried
about making sure the data in encrypted before it leaves the box, then
running GnuPG on Windows should be just fine.
Be aware that you still need to be a reasonably attentive Windows
admin though, and protect the box from network-borne compromises; if a
remote user can use a particular exploit to run their own code on your
box without your permission then they can still exploit the probles
discussed in this thread.
It's up to you to decide what the cost of such a compromise might be
compared with the cost of preventing it. For me, I don't think it's
frankly much of a worry, but that's something you have to decide.
Cheers,
-Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041004/f9075684/attachment.bin
From holtzm at sonic.net Tue Oct 5 03:15:41 2004
From: holtzm at sonic.net (Bob Holtzman)
Date: Tue Oct 5 03:03:40 2004
Subject: Implications of using insecure memory
In-Reply-To: <1096909877.46596568892d5@www.vfemail.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
Message-ID:
On Mon, 4 Oct 2004 shatadal@vfemail.net wrote:
> Another poster also talked about getting rid of windows. However I do need to
> run windows from time to time. Also I do not have root access on my linux
> machine (it is used at work). So does that mean that gpg is not for me? Or is
> there anything available which could erase the swap space anytime I want? I
> just looked around in the M$ knowledgebase and it has a workaround to clear the
> pagefile at shutdown. Is that a useful compromise?
Check out BCWipe
--
Bob Holtzman
"If you think you're getting free lunch,
......check the price of the beer!"
From johanw at vulcan.xs4all.nl Tue Oct 5 04:28:44 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Tue Oct 5 04:42:28 2004
Subject: Implications of using insecure memory
In-Reply-To: <20041004153936.Y23687@willy_wonka> from "Atom 'Smasher'" at "Oct
4, 2004 03:46:10 pm"
Message-ID: <200410050228.EAA01586@vulcan.xs4all.nl>
Atom 'Smasher' wrote:
>supplying a password to *any* application being run on a box that isn't
>under your direct administrative and physical control is a risk, and
>shouldn't be overlooked. however, it pales in comparison to using pgp/gpg
>on windows.
Well, I would feel more secure entering a password on my machine, which I
have under physical control, when it has booted windows than when I would
do it on a Linux machine who someone else controls. Of course, the fact that
it uses a NAT router and firewall to enter the internet that has standard
all ports from outside to inside closed helps. I have only set port 80
explicitly open, and since the windows 2000 or 98 don't run webservers
it won't be of much use for an attacker.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From twoaday at freakmail.de Tue Oct 5 10:12:00 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Tue Oct 5 10:14:16 2004
Subject: Special characters in passphrase not being recognized
In-Reply-To:
References:
<20041004173730.GA16785@daredevil.joesixpack.net>
Message-ID: <20041005081200.GC1298@daredevil.joesixpack.net>
On Mon Oct 04 2004; 16:48, An?bal Rojas wrote:
> But I have no proble using WPT, the problem arises when I use gpg.exe
> via the DOS console, I suppose it is related to the encoding but I use
> the DOS window with special characters without any other problem.
The problem is that WinPT runs in CP1251 and the console is CP850
and GPG Linux tries to generate ISO-8859-1 output.
Timo
--
Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org)
WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html)
From anibalrojas at gmail.com Tue Oct 5 15:03:29 2004
From: anibalrojas at gmail.com (=?ISO-8859-1?Q?An=EDbal_Rojas?=)
Date: Tue Oct 5 15:00:23 2004
Subject: Special characters in passphrase not being recognized
In-Reply-To: <20041005081200.GC1298@daredevil.joesixpack.net>
References:
<20041004173730.GA16785@daredevil.joesixpack.net>
<20041005081200.GC1298@daredevil.joesixpack.net>
Message-ID:
Umm, interesting DOS Code Pages. I'll be checking my configuration and
post my experience here. Thanks Timo.
On Tue, 5 Oct 2004 10:12:00 +0200, Timo Schulz wrote:
> On Mon Oct 04 2004; 16:48, An?bal Rojas wrote:
>
> > But I have no proble using WPT, the problem arises when I use gpg.exe
> > via the DOS console, I suppose it is related to the encoding but I use
> > the DOS window with special characters without any other problem.
>
> The problem is that WinPT runs in CP1251 and the console is CP850
> and GPG Linux tries to generate ISO-8859-1 output.
>
>
>
>
> Timo
>
> --
> Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org)
> WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html)
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
An?bal Rojas
anibalrojas@gmail.com
From ajgpgml at tesla.inka.de Tue Oct 5 20:04:35 2004
From: ajgpgml at tesla.inka.de (Andreas John)
Date: Tue Oct 5 20:20:26 2004
Subject: Encrypting / decrypting without importing keys?
References: <20041004164637.K23687@willy_wonka>
Message-ID: <00c601c4ab08$9a4f68c0$97d555d9@tesla>
Hi!
> you can save a key into a file and use something like:
>
> gpg --no-default-keyring --keyring key-file --trust-model always -ear user
Actually you also have to add "--no-options" as there might be a multi-keyring-setup (one or more "--keyring file" in the gpg.conf).
Unfortunately there is no "--no-keyrings-from-options" (or similar) which seems to bother no one :)
Bye!
From atom at suspicious.org Tue Oct 5 20:29:10 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 5 20:25:59 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To: <00c601c4ab08$9a4f68c0$97d555d9@tesla>
References: <20041004164637.K23687@willy_wonka>
<00c601c4ab08$9a4f68c0$97d555d9@tesla>
Message-ID: <20041005142806.S23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 5 Oct 2004, Andreas John wrote:
>> you can save a key into a file and use something like:
>>
>> gpg --no-default-keyring --keyring key-file --trust-model always -ear user
>
> Actually you also have to add "--no-options" as there might be a
> multi-keyring-setup (one or more "--keyring file" in the gpg.conf).
> Unfortunately there is no "--no-keyrings-from-options" (or similar)
> which seems to bother no one :)
==================
if the "user" that owns the process is doing all/most of the gpg usage
that way, they ~probably~ don't have any other keyrings in their options
file, but may find it convenient to set other things there.
might be best to specify "--options file" and have a special file for the
script that uses it in this non-standard way.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"If Jesus Christ were to come today, people would not
even crucify him. They would ask him to dinner, and
hear what he had to say, and make fun of it."
-- Thomas Carlyle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYuf7AAoJEAx/d+cTpVci9pYIAK3T+f3PV9DfBtgZzEN9RMUj
SSVT76+A82riSmC9rc57nT+luKf9KbWxS1rLATSNVxnL1fDumSuwlcOTWWzLvjRG
pkOYJXD6eDU+qPvLc1u/hoz0I1KvUvNYQipq9hDgGH4NrPbJgBpq2RKm75HSfT1w
bxZRjVwyA+ZM5wjjTwn9kqnTs6Izd9CGD4xlujQ78FMUbLaS1MbzeG1+8xqIwBBS
/ty7xlvuvm9RhEJfNnMg4Df9gylVQtm24NZNfRfIMe6LS7v+IEJb0/6dY8RpNa8M
3rYw8R1G7fZio7SEaWxevhuSkPeHIsyG9nKW3ji4umXH5ayQBP8lNYZMVb9F3W0=
=Fr2P
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Oct 5 22:08:42 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 5 22:05:18 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To: <00c601c4ab08$9a4f68c0$97d555d9@tesla>
References: <20041004164637.K23687@willy_wonka>
<00c601c4ab08$9a4f68c0$97d555d9@tesla>
Message-ID: <20041005200841.GA25841@jabberwocky.com>
On Tue, Oct 05, 2004 at 08:04:35PM +0200, Andreas John wrote:
> Hi!
>
>
> > you can save a key into a file and use something like:
> >
> > gpg --no-default-keyring --keyring key-file --trust-model always -ear user
>
> Actually you also have to add "--no-options" as there might be a
> multi-keyring-setup (one or more "--keyring file" in the gpg.conf).
> Unfortunately there is no "--no-keyrings-from-options" (or similar)
> which seems to bother no one :)
If you want to specify which keyring to import to in a multi-keyring
setup, specify the special one with "--primary-keyring".
David
From dshaw at jabberwocky.com Tue Oct 5 22:28:41 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 5 22:25:16 2004
Subject: Implications of using insecure memory
In-Reply-To: <20041004215305.GF994@dionysus.chud.net>
References: <1096759756.b90348978578b@www.vfemail.net>
<200410040050.50072.skquinn@xevious.kicks-ass.net>
<1096909877.46596568892d5@www.vfemail.net>
<20041004152916.A23687@willy_wonka>
<20041004215305.GF994@dionysus.chud.net>
Message-ID: <20041005202841.GB25841@jabberwocky.com>
On Mon, Oct 04, 2004 at 02:53:05PM -0700, Chris De Young wrote:
> > it's not that gpg isn't secure on windoze; it that *nothing* can be made
> > secure in windoze.
> >
> > if you have a need to use pgp, GnuPG is great, but like any application it
> > can't overcome deficiencies in the OS. use what you need to use, but if
> > security (and/or reliability) is non-trivial you'll need to start using
> > *nix or maybe mac-os.
>
> One thing to note in passing is that most of this worry applies to
> cases where other people besides you also have access to your windows
> box. If the box itself is physically secure and you're mostly worried
> about making sure the data in encrypted before it leaves the box, then
> running GnuPG on Windows should be just fine.
>
> Be aware that you still need to be a reasonably attentive Windows
> admin though, and protect the box from network-borne compromises; if
> a remote user can use a particular exploit to run their own code on
> your box without your permission then they can still exploit the
> probles discussed in this thread.
>
> It's up to you to decide what the cost of such a compromise might be
> compared with the cost of preventing it. For me, I don't think it's
> frankly much of a worry, but that's something you have to decide.
Exactly. This is a very important point, but frequently lost in the
discussion about secure memory in general, and Windows in particular.
Sure, secure memory/running on a secure OS/inside a Faraday
cage/disconnected from the network/etc is potentially safer, but it
would be foolish to let the lack of these things stop you from using
encryption at all. Just understand the limitations of what you are
doing. There is a lot of benefit that can be derived from encryption,
even if you are doing it on Windows.
David
From dshaw at jabberwocky.com Tue Oct 5 23:01:29 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 5 22:58:04 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To: <20041005200841.GA25841@jabberwocky.com>
References: <20041004164637.K23687@willy_wonka>
<00c601c4ab08$9a4f68c0$97d555d9@tesla>
<20041005200841.GA25841@jabberwocky.com>
Message-ID: <20041005210129.GC25841@jabberwocky.com>
On Tue, Oct 05, 2004 at 04:08:42PM -0400, David Shaw wrote:
> On Tue, Oct 05, 2004 at 08:04:35PM +0200, Andreas John wrote:
> > Hi!
> >
> >
> > > you can save a key into a file and use something like:
> > >
> > > gpg --no-default-keyring --keyring key-file --trust-model always -ear user
> >
> > Actually you also have to add "--no-options" as there might be a
> > multi-keyring-setup (one or more "--keyring file" in the gpg.conf).
> > Unfortunately there is no "--no-keyrings-from-options" (or similar)
> > which seems to bother no one :)
>
> If you want to specify which keyring to import to in a multi-keyring
> setup, specify the special one with "--primary-keyring".
(err.. when 1.4 is released)
David
From ebenze at hotmail.com Wed Oct 6 19:32:37 2004
From: ebenze at hotmail.com (Eric B.)
Date: Wed Oct 6 19:29:31 2004
Subject: Encrypting / decrypting without importing keys?
References:
<20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka>
Message-ID:
> > I'm new to GnuPG and was wondering if it was possible to encrypt and/or
> > decrypt without needing to first import the keys into gpg. I'm looking
> > to use gpg to encrypt data from a web page, where the user specifies the
> > public key to encrypt data, and then eventually a private key to decrypt
> > it.
> >
> > Additionally, is there anyway I can specify the keys to use as coming
> > from standard in or standard out instead of being file based?
> ====================
>
> you can save a key into a file and use something like:
>
> gpg --no-default-keyring --keyring key-file --trust-model always -ear
user
>
> this hack allows an encryption key to be used without importing it. how to
> convert an ascii key into a binary key is an exercise i leave to the
> reader; it isn't that hard to do but an ascii key won't work.
>
> also, see if does most
> of what you need. it sounds like you'd have to tweak this, but the major
> work is done.
Thanks! That was just what I needed. However, have a followup question
though. I now need to programatically convert the ascii key to a binary
key. Doing a quick export of a key in binary format and in armoured format,
I noticed that I can base64 encode the binary key and get an almost exact
match to the armoured format. However, there seem to be five characters on
a newline (=oge7) that appear in the armoured key which are not my base64
conversion of the binary key. I can only assume them to be some form of a
CRC check, but am not sure. Is there armoured version of the key always
followed by a CRC check? If so, is it a CRC32 check? CRC24? etc? How can
I tell when/where the key ends and the CRC checks starts? Does a armoured
key always end with a specific character? Is there a doc which specifies
the format of the armoured key somewhere?
Thanks!
Eric
From dshaw at jabberwocky.com Wed Oct 6 20:17:34 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Oct 6 20:14:14 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To:
References:
<20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka>
Message-ID: <20041006181734.GB2757@jabberwocky.com>
On Wed, Oct 06, 2004 at 01:32:37PM -0400, Eric B. wrote:
> Thanks! That was just what I needed. However, have a followup
> question though. I now need to programatically convert the ascii
> key to a binary key. Doing a quick export of a key in binary format
> and in armoured format, I noticed that I can base64 encode the
> binary key and get an almost exact match to the armoured format.
> However, there seem to be five characters on a newline (=oge7) that
> appear in the armoured key which are not my base64 conversion of the
> binary key. I can only assume them to be some form of a CRC check,
> but am not sure. Is there armoured version of the key always
> followed by a CRC check? If so, is it a CRC32 check? CRC24? etc?
> How can I tell when/where the key ends and the CRC checks starts?
> Does a armoured key always end with a specific character? Is there
> a doc which specifies the format of the armoured key somewhere?
It's a CRC24, and you can tell it is there because it's always the
last line, and it begins with an '=' sign. However, the CRC24
checksum is optional according to the standard (though both GnuPG and
PGP always include it).
RFC-2440 defines the format for OpenPGP, including the various details
of armoring (which as you noticed is essentially base64).
David
From atom at suspicious.org Thu Oct 7 01:15:15 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Thu Oct 7 01:12:21 2004
Subject: Encrypting / decrypting without importing keys?
In-Reply-To:
References:
<20041004164637.K23687__26180.9799274944$1096923832$gmane$org@willy_wonka>
Message-ID: <20041006191054.C23687@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, 6 Oct 2004, Eric B. wrote:
> Thanks! That was just what I needed. However, have a followup question
> though. I now need to programatically convert the ascii key to a binary
> key. Doing a quick export of a key in binary format and in armoured format,
> I noticed that I can base64 encode the binary key and get an almost exact
> match to the armoured format. However, there seem to be five characters on
> a newline (=oge7) that appear in the armoured key which are not my base64
> conversion of the binary key. I can only assume them to be some form of a
> CRC check, but am not sure. Is there armoured version of the key always
> followed by a CRC check? If so, is it a CRC32 check? CRC24? etc? How can
> I tell when/where the key ends and the CRC checks starts? Does a armoured
> key always end with a specific character? Is there a doc which specifies
> the format of the armoured key somewhere?
=================
something like this will read an ascii key from the file "key.asc" and
write a binary key to file "key.binary":
gpg --dearmor < key.asc > key.binary
the "--dearmor" isn't very well documented, but among the things it can do
is convert an ascii key into a binary key.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"I am somehow less interested in the weight and
convolutions of Einstein's brain than in the near
certainty that people of equal talent have lived and
died in cotton fields and sweatshops."
-- Stephen Jay Gould
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBZHyJAAoJEAx/d+cTpVciyI4IAJNNdVd4puhO0rNpO5/X1wd9
wY93q3yAZ4C3JEYOA0nxmlF+fUroYX0eYCwEmEo4GDW4DmJKXTHATSJObmFDrWc/
ZiObPcjSKZADg2FrJCW8k74ZhA2FY7VhmDoAldKhftjGWM84HkwGcaRhcRdzJZkp
KjcYGzHA13pm+wQNVW2QiAz66ehaIgQv1IfmVLtMZUy7DT+00D4mVjsz0BKKq+0i
8zH2J4VpVfJv3yv+4LcOoiLI0uwzPVVutNOL8HXNsq2ezBL/VI7YrvUVzk2wXXJw
eJ7FcPCPqF721rrqpMw7AFMKRh8j1t+zay2gfyhIq61pLRYk9YrasdhIImjXu6Q=
=PpZb
-----END PGP SIGNATURE-----
From cgamble at cpbinc.com Thu Oct 7 03:25:08 2004
From: cgamble at cpbinc.com (chris gamble)
Date: Thu Oct 7 03:22:22 2004
Subject: GPG compatibility to PGP 6.0 or above
Message-ID: <41649AF4.9050003@cpbinc.com>
I work with a small company that needs to receive encrypted files from a
vendor. The vendor is specifying that the public key that we provide
them be compatible with PGP 6.0 and above which i assume means using the
IDEA algorithm.
Does PGP 6.0 or above mean it uses the proprietary IDEA algorithm, and
can pgp work with this (unfortunately in accordance with USA laws)? If
so, are there java or COM components we can use to help build a service
that decrypts these files?
Thanks,
Chris Gamble
From dshaw at jabberwocky.com Thu Oct 7 04:47:12 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Oct 7 04:43:51 2004
Subject: GPG compatibility to PGP 6.0 or above
In-Reply-To: <41649AF4.9050003@cpbinc.com>
References: <41649AF4.9050003@cpbinc.com>
Message-ID: <20041007024712.GB6706@jabberwocky.com>
On Wed, Oct 06, 2004 at 08:25:08PM -0500, chris gamble wrote:
> I work with a small company that needs to receive encrypted files from a
> vendor. The vendor is specifying that the public key that we provide
> them be compatible with PGP 6.0 and above which i assume means using the
> IDEA algorithm.
>
> Does PGP 6.0 or above mean it uses the proprietary IDEA algorithm, and
> can pgp work with this (unfortunately in accordance with USA laws)? If
> so, are there java or COM components we can use to help build a service
> that decrypts these files?
No, you are in luck. Generally, PGP 6 does not require IDEA. In
fact, if you just generate a key with GnuPG, you should be able to
give that key to your vendor and it will "just plain work".
However, note the word "generally" in the above paragraph. PGP 6 does
not follow the OpenPGP specification very closely, and so there is
sometimes strange non-standard behavior.
GnuPG can work with IDEA, though it does not ship with IDEA included
for the obvious reasons. Before going down the
get-the-code-and-buy-a-licence route, try just generating a regular
key. Chances are it will work just fine without IDEA.
David
From asmart at kingsdown.swindon.sch.uk Fri Oct 8 15:21:10 2004
From: asmart at kingsdown.swindon.sch.uk (Andy Smart)
Date: Fri Oct 8 15:18:50 2004
Subject: Simple question I'm sure..
Message-ID: <41669446.8080106@kingsdown.swindon.sch.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi
I've read the documentation I have, and I'm still not sure about this one.
I use gnupg at home and at work, with two different key pairs 'tied' to
two different email addresses.
Sometimes I post to newsgroups at home which, normally, I'd sign with my
work sig. Can I have both keypairs on my home machine? If I can, how to
I take a copy of my work keypair to my home pc
andy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBZpRGqmlxlf41jHgRAowQAJ9eEG7MOgMTpOsbBjqcQaDnTsU/+wCeN4l7
LNQlGAR3BqHzddafly2hC00=
=dGKD
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asmart.vcf
Type: text/x-vcard
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20041008/45366183/asmart.bin
From areiner at tph.tuwien.ac.at Fri Oct 8 15:48:43 2004
From: areiner at tph.tuwien.ac.at (Albert Reiner)
Date: Fri Oct 8 15:45:19 2004
Subject: Simple question I'm sure..
In-Reply-To: <41669446.8080106@kingsdown.swindon.sch.uk>
References: <41669446.8080106@kingsdown.swindon.sch.uk>
Message-ID:
[Andy Smart , Fri, 08 Oct 2004 14:21:10 +0100]:
> Sometimes I post to newsgroups at home which, normally, I'd sign with my
> work sig. Can I have both keypairs on my home machine? If I can, how to
> I take a copy of my work keypair to my home pc
Do
gpg --export-secret-keys > file
at work, and import the key at home. You will then have to sign with
-u and the key id.
Albert.
From hmujtaba at forumsys.com Fri Oct 8 18:11:43 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Oct 8 18:09:17 2004
Subject: decryption failed: weak key
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D190413@bstn-exch1.forumsys.com>
Hi Michael,
I am working with Cryptix OpenPGP provider. I ran into a problem where
after 10,000 iterations the encryption code would start producing faulty
PGP PublicKeyEncryptedSessionKey packets (I was using ElGamal/3DES).
When I would try to decrypt the packets with GPG, I would see the error:
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available.
I suspected that they system was running out of entropy, perhaps. To
rule out that possibility, I started hard-coding the session key using
an array of all 0xFFs. Then, GPG would started throwing the message:
gpg: WARNING: message was encrypted with a weak key in the symmetric
cipher.
gpg: decryption failed: weak key.
So that's how it happened. Not because Cryptix OpenPGP was buggy, but
because of my hard-coded debug values.
I hope this answers your question.
Regards
Hasnain.
-----Original Message-----
From: Michael Roth [mailto:mroth@nessie.de]
Sent: Friday, October 01, 2004 7:53 AM
To: Hasnain Mujtaba
Cc: gnupg-users@gnupg.org
Subject: Re: decryption failed: weak key
Hasnain Mujtaba wrote:
| I saw this message when decrypting a file encrypted with a 1536
| ElGamal key, 3DES symmetric cipher:
A "weak key" is a special DES property. In DES there are 64 known weak
keys. I think Blowfish has weak keys too.
| gpg: WARNING: message was encrypted with a weak key in the symmetric
| cipher.
| gpg: decryption failed: weak key.
|
| Looks like GPG is checking for randomness property of the session key
| after decrypting it out of the Public-key Encrypted Session key
| packet. Correct?
No. If you take a look in g10/des.c you will find a table containing all
64 known weak keys (search for "weak_key"). If gnupg creates a session
key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
So I guess the message was not encrypted using gnupg? Would be nice to
know which programm created the weak session key.
Please also note: 3DES keys consist effectivly of 3 different DES keys,
but GnuPG complains about weak keys if at least one of these three parts
is a weak key.
cu
Michael Roth
From henkdebruijn at wanadoo.nl Fri Oct 8 19:33:59 2004
From: henkdebruijn at wanadoo.nl (Henk de Bruijn)
Date: Fri Oct 8 19:30:34 2004
Subject: GnuPG 1.2.6 for Windows
Message-ID: <1527666174.20041008193359@wanadoo.nl>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Gnupg-Users,
I thought I read somewhere about GnuPG 1.2.6. for Windows... Is that
correct?
- --
Henk
______________________________________________________________________
The Bat!? Natural Email System v3.0nl Professional on Windows XP SP2
PGPkey request: see headers or send email with subj.: send HenksKeyID
Gossamer Spider Web of Trust http://gswot.webhop.info/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: with GPGshell for Windows 3.22
iD8DBQFBZs+HEgabk9vm5ngRAsPUAKCZQXs4VBZbY3JoF4yeTMKsYhsTIgCg6IP1
LWwup1MuASPxIxkE4kPwBXo=
=xuak
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Sat Oct 9 00:11:38 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Oct 9 00:08:17 2004
Subject: decryption failed: weak key
In-Reply-To: <200410011724.TAA01259@vulcan.xs4all.nl>
References: <415D4517.60904@nessie.de> <200410011724.TAA01259@vulcan.xs4all.nl>
Message-ID: <20041008221138.GE26896@jabberwocky.com>
On Fri, Oct 01, 2004 at 07:24:28PM +0200, Johan Wevers wrote:
> Michael Roth wrote:
>
> >No. If you take a look in g10/des.c you will find a table containing all
> >64 known weak keys (search for "weak_key"). If gnupg creates a session
> >key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
>
> I can understand that it doesn't encrypt to them, but why would it not
> decrypt with them? I can't see any security risk in that.
1.4 will give a warning, but allow you to decrypt even with a weak
key. As you say, there is no risk in decryption.
David
From sjokotof2004 at hotmail.com Fri Oct 8 13:05:17 2004
From: sjokotof2004 at hotmail.com (Sjokotof)
Date: Sat Oct 9 00:17:48 2004
Subject: invalid packet (ctb=2d)
Message-ID:
Situation:
- production system Win32 running PGP 6.5.8, daily decrypting a series of
incoming files.
- trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of
files.
- Trial ran OK for months, with the exception of a few days ago, when one
of the files choked GnuPG, but ran fine through GPG.
Below the output.
What can be done to get this decrypted by GnuPG?
========
gpg --list-packets gives:
gpg: armor header: Version: PGP 6.5.8
:marker packet:
50 47 50
:pubkey enc packet: version 3, algo 16, keyid (ID1)
data: [2047 bits]
data: [2048 bits]
gpg: public key is (SECONDARYKEY)
gpg: using secondary key (SECONDARYKEY) instead of primary key
(PRIMARYKEY)
:encrypted data packet:
length: unknown
gpg: using secondary key (SECONDARYKEY) instead of primary key
(PRIMARYKEY)
gpg: encrypted with 2048-bit ELG-E key, ID (SECONDARYKEY), created
2001-04-09
"(RECIP)"
gpg: CAST5 encrypted data
:compressed packet: algo=1
:onepass_sig packet: keyid (ID2)
version 3, sigclass 00, digest 2, pubkey 17, last=1 :literal data
packet:
mode b (62), created 0, name="rh370r01.rpt",
raw data: 0 bytes
gpg: [don't know]: invalid packet (ctb=2d)
gpg: [don't know]: invalid packet (ctb=2d)
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=2d)
================================
gpg 1.2.5 gives:
gpg: armor header: Version: PGP 6.5.8
gpg: public key is (SECONDARYKEY)
gpg: using secondary key (SECONDARYKEY) instead of primary key
(PRIMARYKEY)
gpg: using secondary key (SECONDARYKEY) instead of primary key
(PRIMARYKEY)
gpg: encrypted with 2048-bit ELG-E key, ID (SECONDARYKEY), created
2001-04-09
"(RECIP)"
gpg: CAST5 encrypted data
gpg: original file name='rh370r01.rpt'
gpg: Signature made 10/01/04 08:50:29 using DSA key ID (DSAKEYID)
gpg: Good signature from "Merrill Lynch CLEAR system DH "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: (FINGERPRINT)
gpg: binary signature, digest algorithm SHA1
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=2d)
================================ pgp gives:
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
event 1: initial
event 13: BeginLex
event 8: Analyze
File is encrypted. event 9: Recipients
Secret key is required to read it.
Key for user ID: (RECIP)
1024-bit DSS key, Key ID (KEY), created 2001/04/09 Key can sign.
event 6: Passphrase
event 23: Decryption
symmetric cipher used: CAST5
event 11: Output options
typecode: 0062
suggested name: rh370r01.rpt
tempfile: created 'Copy of ba.$00'
event 12: Signature
Good signature from user "(SENDER)".
Signature made 2004/10/01 06:50 GMT
event 14: EndLex
event 2: final
savetemp: renaming 'Copy of ba.$00' to 'Copy of bad
rh370r01.rpt.asc.04.10.01_02.50.txt'
0 memory frags found
exitPGP: exitcode = 0
=============
From JPClizbe at comcast.net Sat Oct 9 08:29:15 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sat Oct 9 08:26:30 2004
Subject: GnuPG 1.2.6 for Windows
In-Reply-To: <1527666174.20041008193359@wanadoo.nl>
References: <1527666174.20041008193359@wanadoo.nl>
Message-ID: <4167853B.7030604@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Henk de Bruijn wrote:
> Hello Gnupg-Users,
>
> I thought I read somewhere about GnuPG 1.2.6. for Windows... Is that
> correct?
1.2.6 is the current STABLE_1_2 version
I believe the fix from 1.2.5 to 1.2.6 was mostly to fix a *nix install
problem. The only change windows users should see between the two is the
version number.
If you want to build your own binaries, 1.2.6 builds easily on Windows
using the MinGW gcc compiler and MSYS shell. There are a couple places you
can stumble in the process, but you can contact me off list if you want
more information.
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBZ4U5HQSsSmCNKhARAmrxAJ9jAB+OtfnvTF/NRCfqYv/mS/ZqMQCgkFpk
kwV+PhIEQbIhA2zpDuj8rEw=
=3sW7
-----END PGP SIGNATURE-----
From JPClizbe at comcast.net Sat Oct 9 08:46:37 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sat Oct 9 08:43:58 2004
Subject: Simple question I'm sure..
In-Reply-To: <41669446.8080106@kingsdown.swindon.sch.uk>
References: <41669446.8080106@kingsdown.swindon.sch.uk>
Message-ID: <4167894D.6090408@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andy Smart wrote:
> Hi
>
> I've read the documentation I have, and I'm still not sure about this one.
>
> I use gnupg at home and at work, with two different key pairs 'tied' to
> two different email addresses.
>
> Sometimes I post to newsgroups at home which, normally, I'd sign with my
> work sig. Can I have both keypairs on my home machine? If I can, how to
> I take a copy of my work keypair to my home pc
>
> andy
Yes, It's easy to do. I currently have 27 keypair on my home machine: main
key + 2 Jabber keys + 24 old X.509/SMime keys (6 addresses * 2 CAs * 2 years)
At work (Windows, right?):
gpg --export-secret-keys > A:\file.asc
At home:
gpg --import a:\file.asc
You will need to set the trust on this imported key pair to Ultimate
(I got the key ID from your message to the list):
gpg --edit-key 0xFE358C78 trust
Select '5' for 'Ultimate'
(Y)es you really want to do this
save to exit
You can then set Enigmail to use the work key for signing newsgroup posts
for that news account in Thunderbird/Mozilla.
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBZ4lKHQSsSmCNKhARAik8AKCq6JLG/QrQ6ir9ISff06NlLHjd/wCeNnCD
Egtx8uxnf/5yQWumnnJXse8=
=Ym1v
-----END PGP SIGNATURE-----
From zuxy.meng at gmail.com Sat Oct 9 13:18:03 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sat Oct 9 13:15:11 2004
Subject: Will this SMTP server please the list?
Message-ID:
Oooooooooh this is my fourth try to post to this list. I've tried
virtually all my email acounts and I hope this one works.
Dear list manager, but your anti-spam rules are too strict!
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From zuxy.meng at gmail.com Sat Oct 9 14:14:41 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sat Oct 9 14:11:48 2004
Subject: Who can explain RSA key types for me?
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
When running "gpg --expert --gen-keys", I have 6 key types for
selection:
(4) RSA (sign only)
This is somewhat a DSA equivalent which can be used with a subkey for
encryption?
(6) RSA (sign & encrypt)
This is a v4 equivalent for v3 RSA keys? One key to do it all?
(8) RSA (sign & certify)
What's this? And what's the meaning of "to certify"? Does gpg use
"sign" for signing data and "certify" for signing other's pubkeys?
(10) RSA (sign, encrypt and certify)
And this one?
And, when running "gpg --edit-key xxxxx", I note something called
"key usage". Again, there's "C" for certification, "S" for signing,
"E" for encryption and "A" for authentification. So what's the
essence of these four letters (especially the difference between C, S
and A)?
Thank you all!
- --
Zuxy
Beauty is truth,
While truth is beauty.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (MingW32) - WinPT 0.9.12
iD8DBQFBZ9YR7wDCeOhVXtYRA/AjAKCD8B3n2sZSjp7Ufdnqs6d56jsyqACfUTWu
pCu8jIw6mswK5+0iBBfnLzg=
=zYhG
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Sat Oct 9 15:08:53 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Oct 9 15:05:32 2004
Subject: Who can explain RSA key types for me?
In-Reply-To:
References:
Message-ID: <20041009130853.GE28732@jabberwocky.com>
On Sat, Oct 09, 2004 at 08:14:41PM +0800, Zuxy wrote:
> And, when running "gpg --edit-key xxxxx", I note something called
> "key usage". Again, there's "C" for certification, "S" for signing,
> "E" for encryption and "A" for authentification. So what's the
> essence of these four letters (especially the difference between C,
> S and A)?
Certification == signing someone's key
Signing == signing some data (e.g. a file)
Encryption == encrypting some data
Authentication == signing a challenge to indicate you are who you say
you are
Authentication is the new one. It was only recently added to the
OpenPGP standard. It could be used, for example, if you wanted to use
your OpenPGP key for a SSH login.
The flags can be set on any key, with some restrictions - Elgamal is
an encrypt-only algorithm and cannot be C, S, or A. DSA is a
sign-only algorithm and cannot be E. RSA can be anything. None of
this is a special property of the key - it's just a flag given as a
hint as to what purpose you intend to use the key for.
I should note that this applies to the upcoming GnuPG 1.4. The
current version does not have all of these options.
David
From atom at suspicious.org Sat Oct 9 22:37:55 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sat Oct 9 22:35:04 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041009130853.GE28732@jabberwocky.com>
References:
<20041009130853.GE28732@jabberwocky.com>
Message-ID: <20041009163347.B29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, 9 Oct 2004, David Shaw wrote:
> Authentication is the new one. It was only recently added to the
> OpenPGP standard. It could be used, for example, if you wanted to use
> your OpenPGP key for a SSH login.
================================
is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've
seen before) and bis-11 (which i haven't seen yet).
what version is current? where do i find it?
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"You can't hold a man down without staying down with him."
-- Booker T Washington
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBaEwqAAoJEAx/d+cTpVciGCEIAKk70ZTJCf2tSYEB99TCXc+q
Oxe/AUCiuu7mN19PAqEc56sEE+6KueAmvNQN9TyEvCCcFn4CIwyV+BUfDJ90pMfN
zFZ6bWAAlCU+Nm2Ax6yGA0GDlcA4zcZdJ6rcU70upQR4q2X6nsUqDAQhwK2NpFV+
KlVHDGRE4i0GQDEMZF8XMWSez9mE41iymp/MLZBw0uUYsQXjj6rjtNaHpwVNqtW3
cLkxrC3v7XV1HZ7Y/TMoPVpHDcJpcZQqLpQz6YbsxJvK1W2FpZcqw+iAM80TdWMM
9sjFRs+f8BARJtLZONPhbNIrmBqpb7XNmaFGw3X4CZ+bnlRQx/b1G4iPRt0OoYc=
=aGfP
-----END PGP SIGNATURE-----
From asmart at kingsdown.swindon.sch.uk Mon Oct 11 08:39:11 2004
From: asmart at kingsdown.swindon.sch.uk (Andy Smart)
Date: Mon Oct 11 08:36:19 2004
Subject: Thanks - was 'Simple Request'
Message-ID: <416A2A8F.70606@kingsdown.swindon.sch.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks to everybody who provided information on this, I'm grateful :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBaiqOqmlxlf41jHgRAqagAKDHPmMHaVlp3qFAWX5WzV6LubGvZACeKsgr
C/q0HHX8gv3zKEVjBiRcHaQ=
=w88W
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asmart.vcf
Type: text/x-vcard
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20041011/8e5b3b8d/asmart.bin
From sjokotof2004 at hotmail.com Mon Oct 11 11:56:35 2004
From: sjokotof2004 at hotmail.com (Sjokotof)
Date: Mon Oct 11 11:57:59 2004
Subject: invalid packet (ctb=2d)
References:
Message-ID:
Sjokotof hotmail.com> writes:
>
> Situation:
> - production system Win32 running PGP 6.5.8, daily decrypting a series of
> incoming files.
> - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of
> files.
> - Trial ran OK for months, with the exception of a few days ago, when one
> of the files choked GnuPG, but ran fine through GPG.
>
> Below the output.
> What can be done to get this decrypted by GnuPG?
Some additional info I got by issuing [y:\progra~1\gnupg\gpg.exe --verbose --
home y:\progra~1\gnupg --list-sigs]:
y:/progra~1/gnupg\pubring.gpg
-----------------------------
pub 1024D/ 2002-01-11
sig 2002-01-11
sub 2048g/ 2002-01-11
sig 2002-01-11
pub 1024D/ 2002-01-03
sig 2002-01-03
sub 2048g/ 2002-01-03
sig 2002-01-03
pub 1024D/ 2001-04-09
sig 2001-04-09
sub 2048g/ 2001-04-09
sig 2001-04-09
pub 1024D/ 1998-07-01
sig 1998-07-01
sig L 2001-04-09
sub 2048g/ 1998-07-01
sig 1998-07-01
Don't know if this is normal, but the last part shows a line starting with 'sig
L' (no idea what this means) which contains a repeat of .
Does this need cleaning up, and if so, how? Or is this unrelated to the original
error?
I would be grateful for any ideas here, thanks!
S.
From dshaw at jabberwocky.com Mon Oct 11 22:18:25 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Mon Oct 11 22:15:03 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041009163347.B29334@willy_wonka>
References:
<20041009130853.GE28732@jabberwocky.com>
<20041009163347.B29334@willy_wonka>
Message-ID: <20041011201824.GH12131@jabberwocky.com>
On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote:
> On Sat, 9 Oct 2004, David Shaw wrote:
>
> > Authentication is the new one. It was only recently added to the
> > OpenPGP standard. It could be used, for example, if you wanted to use
> > your OpenPGP key for a SSH login.
> ================================
>
> is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've
> seen before) and bis-11 (which i haven't seen yet).
>
> what version is current? where do i find it?
So far as I know, bis-10 is current. It seems to have expired from
the IETF site.
David
From jharris at widomaker.com Mon Oct 11 23:14:42 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Oct 11 23:11:28 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041011201824.GH12131@jabberwocky.com>
References:
<20041009130853.GE28732@jabberwocky.com>
<20041009163347.B29334@willy_wonka>
<20041011201824.GH12131@jabberwocky.com>
Message-ID: <20041011211442.GA16175@p5.widomaker.com>
On Mon, Oct 11, 2004 at 04:18:25PM -0400, David Shaw wrote:
> On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote:
> > is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've
> > seen before) and bis-11 (which i haven't seen yet).
> >
> > what version is current? where do i find it?
>
> So far as I know, bis-10 is current. It seems to have expired from
> the IETF site.
The copy I downloaded directly on 2004-03-17 reports:
%esha1sum draft-ietf-openpgp-rfc2440bis-10.txt
41955eb13602d9b0a29329b72516a4c90a5e299f 174229 draft-ietf-openpgp-rfc2440bis-10.txt
Google shows a copy at allthingsemail.org.
bis-11 was announced in Message-ID: <1A3A4A76-B029-11D8-8522-000A9568596C@callas.org>
and has also expired, according to:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-11.txt
I never downloaded a copy of it, however.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041011/39faaeae/attachment.bin
From jharris at widomaker.com Mon Oct 11 23:14:42 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Oct 11 23:13:24 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041011201824.GH12131@jabberwocky.com>
References:
<20041009130853.GE28732@jabberwocky.com>
<20041009163347.B29334@willy_wonka>
<20041011201824.GH12131@jabberwocky.com>
Message-ID: <20041011211442.GA16175@p5.widomaker.com>
On Mon, Oct 11, 2004 at 04:18:25PM -0400, David Shaw wrote:
> On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote:
> > is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've
> > seen before) and bis-11 (which i haven't seen yet).
> >
> > what version is current? where do i find it?
>
> So far as I know, bis-10 is current. It seems to have expired from
> the IETF site.
The copy I downloaded directly on 2004-03-17 reports:
%esha1sum draft-ietf-openpgp-rfc2440bis-10.txt
41955eb13602d9b0a29329b72516a4c90a5e299f 174229 draft-ietf-openpgp-rfc2440bis-10.txt
Google shows a copy at allthingsemail.org.
bis-11 was announced in Message-ID: <1A3A4A76-B029-11D8-8522-000A9568596C@callas.org>
and has also expired, according to:
http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-11.txt
I never downloaded a copy of it, however.
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041011/39faaeae/attachment-0001.bin
From DougB at dougbarton.net Tue Oct 12 01:52:55 2004
From: DougB at dougbarton.net (Doug Barton)
Date: Tue Oct 12 01:50:05 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041011211442.GA16175@p5.widomaker.com>
References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka> <20041011201824.GH12131@jabberwocky.com>
<20041011211442.GA16175@p5.widomaker.com>
Message-ID: <416B1CD7.1000507@dougbarton.net>
You guys might be interested in the following:
https://datatracker.ietf.org/public/pidtracker.cgi?command=search_list&search_job_owner=0&search_group_acronym=&search_status_id=&search_cur_state=&sub_state_id=6&search_filename=draft-ietf-openpgp-rfc2440bis&search_rfcnumber=&search_area_acronym=&search_button=SEARCH
HTH,
Doug
--
If you're never wrong, you're not trying hard enough
From zuxy.meng at gmail.com Tue Oct 12 06:33:36 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Tue Oct 12 06:30:22 2004
Subject: Does GnuPG consider supporting more charsets?
In-Reply-To:
References:
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I reckon lacking support for a specific display charset won't cause
much trouble among users using the same language, because one
language will mostly have only one common encoding beside utf-8.
But for CJK (Chinese, Japanese and Korean), there're usually more
than one encoding. For Chinese there're GB2312 (whose extension is
GB18030, used in the Mainland), HZ (used in Hong Kong) and Big5 (used
in Taiwan), so email users across the Taiwan strait do need utf-8 as
an intermedium when sending encryped messages, if they don't know
about PGP/MIME.
Now GnuPG doesn't know about either GB2312 or Big5, and therefore
treats the input as utf-8, and applies no conversion:
Message encoded in GB2312 --> (gpg encrypting) --> Message decoded in
Big5
So the Taiwanese receiptor will have an unreadable message.
How does the current version of GnuPG handle the conversion between
display charsets and utf-8? Thru libiconv or an internal translation
table? And what will the upcoming GnuPG 1.4 do? If GnuPG use
libiconv, I hope there won't be much work adding support for more
display charsets.
Thanks.
- --
Zuxy
Beauty is truth,
While truth is beauty.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (MingW32) - WinPT 0.9.12
iF0EAREDAB0FAkFqpWEWGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRDvAMJ46FVe
1hjRAKCSPHiUYPBJwTFeNuoy4JVM1u6r0gCg239hG5iFHKoK5syCRcVVxeDABgM=
=/N0i
-----END PGP SIGNATURE-----
From JPClizbe at comcast.net Tue Oct 12 07:36:43 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Tue Oct 12 07:33:50 2004
Subject: Who can explain RSA key types for me?
In-Reply-To: <20041011201824.GH12131@jabberwocky.com>
References: <20041009130853.GE28732@jabberwocky.com> <20041009163347.B29334@willy_wonka>
<20041011201824.GH12131@jabberwocky.com>
Message-ID: <416B6D6B.4030202@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Shaw wrote:
> On Sat, Oct 09, 2004 at 04:37:55PM -0400, Atom 'Smasher' wrote:
>> On Sat, 9 Oct 2004, David Shaw wrote:
>>
>> > Authentication is the new one. It was only recently added to the
>> > OpenPGP standard. It could be used, for example, if you wanted to use
>> > your OpenPGP key for a SSH login.
>> ================================
>>
>> is rfc2440bis-11 published? i'm finding dead links to bis-10 (which i've
>> seen before) and bis-11 (which i haven't seen yet).
>>
>> what version is current? where do i find it?
>
> So far as I know, bis-10 is current. It seems to have expired from
> the IETF site.
These should help:
http://community.roxen.com/developers/idocs/drafts/draft-ietf-openpgp-rfc2440bis-10.html
http://ref.allthingsemail.org/ids/ids/draft-ietf-openpgp-rfc2440bis-10.txt
http://ftp.linux.cz/pub/internet-drafts/draft-ietf-openpgp-rfc2440bis-10.txt.gz
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.90 (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa21qHQSsSmCNKhARAl1qAJ94OLBx1gcXVwp0UesqRqq0YRjGlwCfdqkb
1br/Vcz4lCOVcDqt6tw2b/Y=
=yJFb
-----END PGP SIGNATURE-----
From Dirk.Traulsen at lypso.de Tue Oct 12 10:36:45 2004
From: Dirk.Traulsen at lypso.de (Dirk Traulsen)
Date: Tue Oct 12 10:32:28 2004
Subject: --textmode and signing/clearsigning
Message-ID: <416BB3BD.5948.353AD1@localhost>
Hi,
after reading the gpg man page, I have four questions
concerning --textmode and signing.
A citation from the gpg man-page:
-t, --textmode
Use canonical text mode. If -t (but not
--textmode) is used together with armoring and
signing, this enables clearsigned messages.
This kludge is needed for PGP compatibility;
normally you would use --sign or --clearsign to
selected the type of the signature.
1. What is a cannonical text mode?
I found no explanation in the man page or the gnu gpg handbook.
I only found in an introduction to gpg from Brian Hatch:
--text
Using --text tells GPG that the file is ASCII text.
When the file is decrypted on the other end,
end-of-line sequences (CR/LF vs CR, etc) will be
automatically converted, which is convenient.
I assume, --text is the short of --textmode.
Is his explanation correct and complete?
2. Why is there a difference between -t and --textmode?
Why should it matter to pgp, whether gpg accepts a -t as a
short form for --textmode?
3. Does this mean
(gpg -seat) is clearsigning the message, but
(gpg -sea --textmode) is signing it?
4. The difference between signing and clearsigning is that with
clearsigning, the original text is preserved and fully readable
even without a public key of the author and with
signing, it gets compressed and safed in binary form.
When I encrypt a text, it gets compressed anyway.
Why does it make a difference, whether I use signing or
clearsigning on a compressed text?
Dirk
From wk at gnupg.org Tue Oct 12 11:39:34 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 12 11:39:28 2004
Subject: Does GnuPG consider supporting more charsets?
In-Reply-To: (zuxy.meng@gmail.com's
message of "Tue, 12 Oct 2004 12:33:36 +0800")
References:
Message-ID: <87y8icl1gp.fsf@wheatstone.g10code.de>
On Tue, 12 Oct 2004 12:33:36 +0800, Zuxy said:
> How does the current version of GnuPG handle the conversion between
> display charsets and utf-8? Thru libiconv or an internal translation
> table? And what will the upcoming GnuPG 1.4 do? If GnuPG use
That's an internal translation table which predates libiconv.
I expected that utf-8 would get in widespread use much earlier but
obviously this is not the case yet. We will see whether we can switch
to libiconv for 1.4
Werner
From wk at gnupg.org Tue Oct 12 11:52:59 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 12 11:54:27 2004
Subject: --textmode and signing/clearsigning
In-Reply-To: <416BB3BD.5948.353AD1@localhost> (Dirk Traulsen's message of
"Tue, 12 Oct 2004 10:36:45 +0200")
References: <416BB3BD.5948.353AD1@localhost>
Message-ID: <87sm8kl0uc.fsf@wheatstone.g10code.de>
On Tue, 12 Oct 2004 10:36:45 +0200, Dirk Traulsen said:
> I assume, --text is the short of --textmode.
Yes. Though thes abreviations work on the command line only.
> Is his explanation correct and complete?
It is probably not complete but sufficient.
> 2. Why is there a difference between -t and --textmode?
> Why should it matter to pgp, whether gpg accepts a -t as a
> short form for --textmode?
There is no difference. The only thing is that for PGP 2 command line
compatibility we use a few of the short option combinations in a
special way. These PGP 2 kudges are however deprecated and may be
removed in future versions.
> 3. Does this mean
> (gpg -seat) is clearsigning the message, but
> (gpg -sea --textmode) is signing it?
You can't clearsign and encrypt a message.
"gpg -sat" is currently the same as "gpg --clearsign". "gpg -sa
--texmode" is not.
> 4. The difference between signing and clearsigning is that with
> clearsigning, the original text is preserved and fully readable
> even without a public key of the author and with
> signing, it gets compressed and safed in binary form.
It may or may not be comperssed depending on the other options.
> When I encrypt a text, it gets compressed anyway.
By default yes.
> Why does it make a difference, whether I use signing or
> clearsigning on a compressed text?
The preferred method is to use PGP/MIME (rfc3156) and not
clearsigning. If you sign files you should in general use a detached
signature so that the file may be sued without processing it through
gpg.
If you file is plain ASCII --clearsign may be used to avoid the
overhead of PGP/MIME and to make verification easier. If you use a
different character set that ASCII or Latin-1 you better don't use
--clearsign.
Werner
From wk at gnupg.org Tue Oct 12 12:00:53 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 12 12:04:25 2004
Subject: invalid packet (ctb=2d)
In-Reply-To:
(sjokotof2004@hotmail.com's
message of "Mon, 11 Oct 2004 09:56:35 +0000 (UTC)")
References:
Message-ID: <87is9gl0h6.fsf@wheatstone.g10code.de>
On Mon, 11 Oct 2004 09:56:35 +0000 (UTC), Sjokotof said:
> L' (no idea what this means) which contains a repeat of .
This indicates a local signature; i.e. a signature wchih won't get
exported using using gpg --export.
Werner
From sjokotof2004 at hotmail.com Tue Oct 12 12:59:08 2004
From: sjokotof2004 at hotmail.com (Sjokotof)
Date: Tue Oct 12 12:55:33 2004
Subject: invalid packet (ctb=2d)
References:
<87is9gl0h6.fsf@wheatstone.g10code.de>
Message-ID: <1rfrwws5gs8aa$.1pwm5hvy9iufk.dlg@40tude.net>
On Tue, 12 Oct 2004 12:00:53 +0200, Werner Koch wrote:
> On Mon, 11 Oct 2004 09:56:35 +0000 (UTC), Sjokotof said:
>
>> L' (no idea what this means) which contains a repeat of .
>
> This indicates a local signature; i.e. a signature wchih won't get
> exported using using gpg --export.
>
Thanks, Werner.
Any idea whether this is normal, to have a sig that seems to belong to
another key (third group in my posted listing) turning up in this one?
(I have no idea how the original PGP rings were built, just imported them
into GnuPG).
S.
From vedaal at hush.com Tue Oct 12 19:05:17 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Tue Oct 12 19:01:55 2004
Subject: symmetric encryption to multiple recipients // multiple encrypted
packets ?
Message-ID: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
if someone wants to sign and symmetrically encrypt the same message to
different recipients,
[who don't like to carry their secret keys around ;-)],
and doesn't want all the recipients to share the same passphrase,
one can, of course, simply encrypt each message separately and send it
separately,
but is it possible to do in gnupg by using multiple symmetrically encrypted
packets, each one with its own passphrase ?
tia,
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From atom at suspicious.org Tue Oct 12 22:01:35 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 12 21:58:31 2004
Subject: symmetric encryption to multiple recipients // multiple
encryptedts ?
In-Reply-To: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
Message-ID: <20041012155801.B29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 12 Oct 2004 vedaal@hush.com wrote:
> but is it possible to do in gnupg by using multiple symmetrically
> encrypted packets, each one with its own passphrase ?
=================
not yet.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"All that is necessary for the triumph of evil
is for good men to do nothing."
-- Edmund Burke
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBbDgkAAoJEAx/d+cTpVcibxQH/3hGifOEV6OWc3MV1x8MYi8J
p9VRhL9JVD5cT7KNrY+MyVD4g660o/fD5+JsJwvno2BZuRt19mSz2JYWlFl7Oro6
73EF3h9pqm1v9cLDOe1RRj/WyYVQCwxV1wFBa5DuWfDLTZm5dO4EdYjiotn9IZVc
kX+IIWjGD20kaokkWQgIzSEC0SEa32fjjssVkHryo3WqzvkXIr+51TSoY5o1rYF5
lgxYPjEML/0Qhw9ohr2PSV/6kpQcBQnQFb0y5wki+6eO/hwh01HW3aXkS5+T/QnP
IPcUR++fF8nEJGjfOtw65PRk5jlq+nQAgXIpMZAYcURdYpCnru5prDFKcO/jngw=
=ccBW
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Oct 12 22:10:02 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 12 22:06:46 2004
Subject: symmetric encryption to multiple recipients // multiple
encrypted packets ?
In-Reply-To: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
Message-ID: <20041012201001.GB6751@jabberwocky.com>
On Tue, Oct 12, 2004 at 10:05:17AM -0700, vedaal@hush.com wrote:
> if someone wants to sign and symmetrically encrypt the same message to
> different recipients,
> [who don't like to carry their secret keys around ;-)],
>
> and doesn't want all the recipients to share the same passphrase,
>
> one can, of course, simply encrypt each message separately and send it
> separately,
>
> but is it possible to do in gnupg by using multiple symmetrically encrypted
> packets, each one with its own passphrase ?
GnuPG (1.4) can read such a message, but will not generate it.
David
From atom at suspicious.org Tue Oct 12 22:13:35 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 12 22:10:18 2004
Subject: symmetric encryption to multiple recipients // multiplepted
packets ?
In-Reply-To: <20041012201001.GB6751@jabberwocky.com>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
<20041012201001.GB6751@jabberwocky.com>
Message-ID: <20041012161158.U29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, 12 Oct 2004, David Shaw wrote:
> GnuPG (1.4) can read such a message, but will not generate it.
==================
i thought 1.2.x was also able to read them...?
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Wars not make one great." -- Yoda
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBbDr0AAoJEAx/d+cTpVciXqUH/jxaewiz3g1xR1fCsKLByliM
ik24L2i+74Igr+9yANQqqQ988j4HeshtxEhWirdluZQ3HpknDN2wWJladegAMJYb
5tBRJB2UZO5aSBy2C7LEUbXBEFzNHPgJ/DvbIM3TbDp/sMTOq+a4zHgBPZ+I2ppc
VTXQLYF9TgZ5R1X6b7fCtqSfP6XYoWZrBz7dY7i0yGy5RLi/wrzU3M6RJnS0zkuR
jNrwGtptNIABTMKODcMzaaFQ+qopBZHZpNJAmnPVaIVJ5FylsLPEMArcawWEToC5
vr7Twr979PP/kxRsLT6uY6TkcARWYGGZQTt347/waO4tAp/mq4sEH2nUhjcBL4w=
=i13Z
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Oct 12 22:26:49 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 12 22:23:33 2004
Subject: symmetric encryption to multiple recipients // multiplepted
packets ?
In-Reply-To: <20041012161158.U29334@willy_wonka>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
<20041012201001.GB6751@jabberwocky.com>
<20041012161158.U29334@willy_wonka>
Message-ID: <20041012202648.GC6751@jabberwocky.com>
On Tue, Oct 12, 2004 at 04:13:35PM -0400, Atom 'Smasher' wrote:
> On Tue, 12 Oct 2004, David Shaw wrote:
>
> > GnuPG (1.4) can read such a message, but will not generate it.
> ==================
>
> i thought 1.2.x was also able to read them...?
I'd have to dig into the changelogs to refresh my memory, but I
believe you're right.
David
From atom at suspicious.org Tue Oct 12 22:34:19 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 12 22:31:08 2004
Subject: symmetric encryption to multiple recipients // multiplepted
packets ?
In-Reply-To: <20041012202648.GC6751@jabberwocky.com>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
<20041012201001.GB6751@jabberwocky.com>
<20041012161158.U29334@willy_wonka>
<20041012202648.GC6751@jabberwocky.com>
Message-ID: <20041012163209.L29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
a more relevant question: what application can create such messages?
not counting a hex editor ;)
also, (when) is this feature planned to appear in GnuPG?
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"A function of free speech under our free system
of government is to invite dispute. It may indeed
best serve its high purposes when it induces a
condition of unrest, creates dissatisfaction with
conditions as they are, or even stirs people to anger."
-- Supreme Court Justice William O. Douglas
Terminiello v. Chicago (1949)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBbD/RAAoJEAx/d+cTpVciu1gH/i/8TKfro3XDQE+rjh07xrQb
lfQImZ1cHHaJWAcigN+h7Uut1nSqkQat31UF25Pf9CykeWOeV9HOMIfLUTINP7mM
xi+QAChXEdm6TvOmebYNkuehGg1372DNRMr9qvqCcn63foQvVv3JVT7IYK3U71Ut
tmzJGdHrFTGpAWixkrSxZ1ecSDIVX11pA8BPPl4BO9SZ57YRSOl7pimri3E9XZs9
1dfbXGILCISV0qr35snZJ2FWUTKeYvbLe+dN09BKMwA+Qjgowq54Ztk4otNhZv8Y
8WuLGnKP7OuDAb8Ug5AvWEKT9w5sMiY6kLdHQsbmdVUG/vUXBJZTKAuOIgLNfyE=
=h7M9
-----END PGP SIGNATURE-----
From dshaw at jabberwocky.com Tue Oct 12 22:47:30 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 12 22:44:22 2004
Subject: symmetric encryption to multiple recipients // multiplepted
packets ?
In-Reply-To: <20041012163209.L29334@willy_wonka>
References: <200410121705.i9CH5HSY059764@mailserver2.hushmail.com>
<20041012201001.GB6751@jabberwocky.com>
<20041012161158.U29334@willy_wonka>
<20041012202648.GC6751@jabberwocky.com>
<20041012163209.L29334@willy_wonka>
Message-ID: <20041012204730.GE6751@jabberwocky.com>
On Tue, Oct 12, 2004 at 04:34:19PM -0400, Atom 'Smasher' wrote:
> a more relevant question: what application can create such messages?
None that I know of.
> also, (when) is this feature planned to appear in GnuPG?
Not currently planned for 1.4. There are UI issues involved, since it
involves prompting for multiple passphrases, and the --passphrase-fd
method can only handle a single passphrase.
David
From dshaw at jabberwocky.com Tue Oct 12 23:05:26 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Tue Oct 12 23:02:12 2004
Subject: invalid packet (ctb=2d)
In-Reply-To:
References:
Message-ID: <20041012210526.GF6751@jabberwocky.com>
On Fri, Oct 08, 2004 at 11:05:17AM +0000, Sjokotof wrote:
> Situation:
> - production system Win32 running PGP 6.5.8, daily decrypting a series of
> incoming files.
> - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of
> files.
> - Trial ran OK for months, with the exception of a few days ago, when one
> of the files choked GnuPG, but ran fine through GPG.
Very often, this error:
> gpg: [don't know]: invalid packet (ctb=2d)
means that the file is corrupt. A common way of corrupting files is
to FTP them in ASCII mode instead of BINARY. How are your files being
moved around?
I understand that you successfully read this file with PGP, but which
copy did you test with? The same one on the same box as GnuPG?
David
From zuxy.meng at gmail.com Wed Oct 13 08:31:30 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Wed Oct 13 08:28:03 2004
Subject: What's "memory guard"?
Message-ID:
When installing you have the option to turn on this feature.
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From sjokotof2004 at hotmail.com Wed Oct 13 10:52:53 2004
From: sjokotof2004 at hotmail.com (Sjokotof)
Date: Wed Oct 13 10:49:32 2004
Subject: invalid packet (ctb=2d)
References:
<20041012210526.GF6751@jabberwocky.com>
Message-ID:
David Shaw jabberwocky.com> writes:
>
> On Fri, Oct 08, 2004 at 11:05:17AM +0000, Sjokotof wrote:
> > Situation:
> > - production system Win32 running PGP 6.5.8, daily decrypting a series of
> > incoming files.
> > - trial setup Win 32 running GnuPG 1.2.5, decrypting the same series of
> > files.
> > - Trial ran OK for months, with the exception of a few days ago, when one
> > of the files choked GnuPG, but ran fine through GPG.
>
> Very often, this error:
>
> > gpg: [don't know]: invalid packet (ctb=2d)
>
> means that the file is corrupt. A common way of corrupting files is
> to FTP them in ASCII mode instead of BINARY. How are your files being
> moved around?
I use wget over FTP, which defaults to Binary mode.
The files begin with -----BEGIN PGP MESSAGE-----, end with -----END PGP MESSAGE-
----.
Would ASCII mode be better in this case?
> I understand that you successfully read this file with PGP, but which
> copy did you test with? The same one on the same box as GnuPG?
You're right, I used the file's copy which is not the right thing to do when
troubleshooting. However, GnuPG rejects the copy, too. To make sure, I've
retested, by having PGP decrypt the file that's on the GnuPG box, working
directly from the PGP box, reading the fil on the GnuPG box. Again, PGP works
OK.
I was hoping I only had to use some special switch on the commandline to get GPG
to work...
S.
From wk at gnupg.org Wed Oct 13 14:31:37 2004
From: wk at gnupg.org (Werner Koch)
Date: Wed Oct 13 14:34:28 2004
Subject: What's "memory guard"?
In-Reply-To: (zuxy.meng@gmail.com's
message of "Wed, 13 Oct 2004 14:31:30 +0800")
References:
Message-ID: <87u0syg5p2.fsf@wheatstone.g10code.de>
On Wed, 13 Oct 2004 14:31:30 +0800, Zuxy said:
> When installing you have the option to turn on this feature.
But don't use it. It will be removed in future versions becuase far
better memory checkers are now available.
Werner
From dshaw at jabberwocky.com Wed Oct 13 14:50:23 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Oct 13 14:47:10 2004
Subject: What's "memory guard"?
In-Reply-To:
References:
Message-ID: <20041013125023.GB17554@jabberwocky.com>
On Wed, Oct 13, 2004 at 02:31:30PM +0800, Zuxy wrote:
> When installing you have the option to turn on this feature.
Leave it off, unless you are developing code. It's a memory bounds
checker. It's not very sophisticated (valgrind is better), but does
serve to knock out some common cases. It also doesn't work on all
platforms.
David
From Dirk.Traulsen at lypso.de Wed Oct 13 23:36:21 2004
From: Dirk.Traulsen at lypso.de (Dirk Traulsen)
Date: Wed Oct 13 23:30:35 2004
Subject: file types for textmode and armor
Message-ID: <416DBBF5.32107.AD57B7@localhost>
Hi,
I have some more questions concerning --textmode and --armor:
1. --textmode specifies a file as textfile, so while decryption
gpg can adjust the end-of-file characters fitting to the
actual system.
What kind of files are candidates for --textmode?
2. When sent per e-mail, what kind of files could need armoring?
How are they specified?
3. Does armoring a detached signature .sig file with
"gpg -ba file" make sense?
4. In the gpg man-page under EXAMPLES there is "gpg -sb file".
Why is it not just "gpg -b file"? Is there a difference?
5. Is there a place where I could find in-depth information
about gpg? I read the man-page, the manual and what I could
find on the net, but it is mostly for beginners.
(Still thinking of myself as one, but trying to learn more...)
Thanks
Dirk
From nico-linux-gnupg at schottelius.org Thu Oct 14 16:09:22 2004
From: nico-linux-gnupg at schottelius.org (Nico Schottelius)
Date: Thu Oct 14 18:16:28 2004
Subject: Extracting information from a key
Message-ID: <20041014140922.GF14931@schottelius.org>
Hello!
If I recieved a public key via E-Mail, but I am not sure whether
I want to import it. Can gnupg before importing
- display the ID of it (readable by other programs)
- display E-Mail, Name
- display signatures on the key
- display other information (key type, length)
?
Thanks for any help,
Nico
P.S.: Thank you David for the --status-fd hint, does mostly what I want!
--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : /pipermail/attachments/20041014/fee5a6e3/attachment-0001.bin
From atom at suspicious.org Thu Oct 14 18:30:15 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Thu Oct 14 18:27:19 2004
Subject: Extracting information from a key
In-Reply-To: <20041014140922.GF14931@schottelius.org>
References: <20041014140922.GF14931@schottelius.org>
Message-ID: <20041014122523.E29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, 14 Oct 2004, Nico Schottelius wrote:
> Hello!
>
> If I recieved a public key via E-Mail, but I am not sure whether
> I want to import it. Can gnupg before importing
>
> - display the ID of it (readable by other programs)
> - display E-Mail, Name
> - display signatures on the key
> - display other information (key type, length)
> ?
=============
gpg -v < keyfile
this should show everything you're looking for. if you want to import it,
just do:
gpg --import < keyfile
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"In a time of universal deceit, telling the truth
is a revolutionary act."
-- George Orwell
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBbqmdAAoJEAx/d+cTpVcim3kIAJWghKYTgPQdo2rPSyKKZnHQ
Gpnz0QCNmizJdpnwPlfPxgn3PuRTT01cXA1ewxHjWojVJyd4iZCOhcbzAoACJUWi
lx6Nw7R90i/in0UZ3YZjd6X96TcaqgrJDeNlLvzbtXN0bPZX2xc9u3YlBwZ/CjhC
U+lEg0aJlokOGz7YvMEB+20pzZUrP+rc4NxvgqtNlVCTVL5DqXx3x1+8MVFVwQv6
KMUe30tQGz2fxNBqar2d4WGSt0SNqNWV41eXHWjZCKnsB8lZT4oIXe+YfHcPM7sA
YZJCeTHpnHgSPq8BQxehJtLs87gZnOtgV9hiDwdE5ZNf1W9KmSUBpmBS2K06t9w=
=yFNC
-----END PGP SIGNATURE-----
From wk at gnupg.org Thu Oct 14 18:33:33 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 14 18:34:28 2004
Subject: file types for textmode and armor
In-Reply-To: <416DBBF5.32107.AD57B7@localhost> (Dirk Traulsen's message of
"Wed, 13 Oct 2004 23:36:21 +0200")
References: <416DBBF5.32107.AD57B7@localhost>
Message-ID: <87lle99s4i.fsf@wheatstone.g10code.de>
On Wed, 13 Oct 2004 23:36:21 +0200, Dirk Traulsen said:
> 1. --textmode specifies a file as textfile, so while decryption
> gpg can adjust the end-of-file characters fitting to the
> actual system.
> What kind of files are candidates for --textmode?
None. Better don't use it at all for plain files.
> 2. When sent per e-mail, what kind of files could need armoring?
> How are they specified?
Use PGP/MIME as specified in RFC3156
> 3. Does armoring a detached signature .sig file with
> "gpg -ba file" make sense?
Yes if you want to write some instructions into the file; they are not
protected by the signature but may give the user a hint waht this file
is about.
> 4. In the gpg man-page under EXAMPLES there is "gpg -sb file".
> Why is it not just "gpg -b file"? Is there a difference?
This is common to pgp 2 users.
> 5. Is there a place where I could find in-depth information
> about gpg? I read the man-page, the manual and what I could
> find on the net, but it is mostly for beginners.
> (Still thinking of myself as one, but trying to learn more...)
RFC2440 describes the protocol and thus many of gpg's fucntions.
Shalom-Salam,
Werner
From wk at gnupg.org Thu Oct 14 22:56:04 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 14 22:59:31 2004
Subject: Extracting information from a key
In-Reply-To: <20041014140922.GF14931@schottelius.org> (Nico Schottelius's
message of "Thu, 14 Oct 2004 16:09:22 +0200")
References: <20041014140922.GF14931@schottelius.org>
Message-ID: <871xg19fyz.fsf@wheatstone.g10code.de>
On Thu, 14 Oct 2004 16:09:22 +0200, Nico Schottelius said:
> - display the ID of it (readable by other programs)
> - display E-Mail, Name
> - display signatures on the key
> - display other information (key type, length)
Some ietms are displayed with -i
Werner
From hmujtaba at forumsys.com Thu Oct 14 23:50:56 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Thu Oct 14 23:48:05 2004
Subject: file types for textmode and armor
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com>
Hi,
Not sure why Werner recommends not using --textmode for plain text
files? Doesn't the RFC say that plain text should be canonicalized prior
to encryption and signing?
Hasnain.
-----Original Message-----
From: gnupg-users-bounces@gnupg.org
[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Werner Koch
Sent: Thursday, October 14, 2004 12:34 PM
To: Dirk.Traulsen@gmx.de
Cc: gnupg-users@gnupg.org
Subject: Re: file types for textmode and armor
On Wed, 13 Oct 2004 23:36:21 +0200, Dirk Traulsen said:
> 1. --textmode specifies a file as textfile, so while decryption
> gpg can adjust the end-of-file characters fitting to the
> actual system.
> What kind of files are candidates for --textmode?
None. Better don't use it at all for plain files.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From zuxy.meng at gmail.com Fri Oct 15 06:40:55 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Fri Oct 15 06:37:33 2004
Subject: file types for textmode and armor
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com>
Message-ID:
It causes trouble, when you exchange plain text messages between
somebody who use a different encoding than yours.
On Thu, 14 Oct 2004 17:50:56 -0400, Hasnain Mujtaba
wrote:
>
>
> Hi,
>
> Not sure why Werner recommends not using --textmode for plain text
> files? Doesn't the RFC say that plain text should be canonicalized prior
> to encryption and signing?
>
> Hasnain.
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From wk at gnupg.org Fri Oct 15 10:27:00 2004
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 15 10:29:32 2004
Subject: file types for textmode and armor
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com>
(Hasnain Mujtaba's message of "Thu, 14 Oct 2004 17:50:56 -0400")
References: <4DCE15B9C4E66F4CA967EBF64C53D64D19041E@bstn-exch1.forumsys.com>
Message-ID: <87mzyo8jzf.fsf@wheatstone.g10code.de>
On Thu, 14 Oct 2004 17:50:56 -0400, Hasnain Mujtaba said:
> Not sure why Werner recommends not using --textmode for plain text
> files? Doesn't the RFC say that plain text should be canonicalized prior
Its a long time ago that the world was not 8 bit clean and thus binary
transfers don't do any harm anymore. With respect to the CR/LF
conversions beween different systems I consider this an task for
frontends, mailers, editors etc.
Werner
From mdenn at cns.tstc.edu Wed Oct 13 20:38:31 2004
From: mdenn at cns.tstc.edu (Mike Denn)
Date: Fri Oct 15 10:59:44 2004
Subject: Outlook 2003 problem
Message-ID: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local>
Did anyone ever answer Jon Barlow's question about PGP sending an empty
Outlook message. I have installed WinPT and the GnuPG-Plugin on two
different machines running XP and Outlook 2003. I can send from one
without any problems. I receive the encrypted message on the other
machine and de-encrypt without any problems. When I try to send back a
message I send a blank message. The setup looks the same, but I am
verifying one more time.
Michael L. Denn
Department Chairman
Network Security Technology, TSTC - Waco
(254) 867-3853
mike.denn@tstc.edu
www.NetworkSecurityTech.com
"This e-mail is for the intended recipient only. If an addressing or
transmission error has misdirected this e-mail, please notify the sender
by replying to this e-mail. If you are not the intended recipient you
must not use, disclose, distribute, copy, print or rely on this e-mail.
The opinions expressed in this message are those of the author and not
necessarily those of Texas State Technical College.
From Paul.Lawson at acxiom.com Thu Oct 14 23:51:59 2004
From: Paul.Lawson at acxiom.com (Lawson Paul - plawso)
Date: Fri Oct 15 10:59:50 2004
Subject: Error Message
Message-ID: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net>
Does anyone know what the error message:
gpg: [don't know]: invalid packet (ctb=60)
is trying to tell me?
Thanks,
Paul D. Lawson
OSDESA Sys Admin
(501) 342-7621 Ofc
(501) 580-7287 Cell
mailto:Paul.Lawson@acxiom.com
**********************************************************************
The information contained in this communication is
confidential, is intended only for the use of the recipient
named above, and may be legally privileged.
If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly
prohibited.
If you have received this communication in error,
please re-send this communication to the sender and
delete the original message or any copy of it from your
computer system. Thank You.
From pipworld at yahoo.com Fri Oct 15 05:19:01 2004
From: pipworld at yahoo.com (Pip Jones)
Date: Fri Oct 15 10:59:55 2004
Subject: Can a new version use old keys?
Message-ID: <416F41A5.4060600@yahoo.com>
I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having
trouble decrypting. Do I need to regenerate the keys or should the old
keys still work in the new version?
I'm encrypting on Linux and decrypting on Windows, something which has
been working fine for years with 1.0.6.
thanks.
From pipworld at yahoo.com Fri Oct 15 10:09:22 2004
From: pipworld at yahoo.com (Pip Jones)
Date: Fri Oct 15 10:59:58 2004
Subject: Decryption of truncated data?
Message-ID: <416F85B2.8050309@yahoo.com>
Is it possible to decrypt a data block which has the first 43 bytes
missing?!
I inherited a wrapper script which was removing the PGP headers and
footers using hard-coded string lengths, but after a GPG upgrade, the
headers changed length and this part of the data was truncated. I've now
got lots of small data blocks (around 1k) I need to decrypt.
I know this is unlikely due to the damaged structure of the encrypted
data, CRCs, etc. but is there any way of recovering the partial
remaining data?
thanks.
From twoaday at freakmail.de Fri Oct 15 11:27:19 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Fri Oct 15 11:20:18 2004
Subject: Outlook 2003 problem
In-Reply-To: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local>
References: <79B0DD7E06D346478898E8615BC4371E921E08@cns3.grace.local>
Message-ID: <1097832439.2028.5.camel@colt>
Am Mit, 2004-10-13 um 20.38 schrieb Mike Denn:
> Did anyone ever answer Jon Barlow's question about PGP sending an empty
> Outlook message. I have installed WinPT and the GnuPG-Plugin on two
> different machines running XP and Outlook 2003. I can send from one
What version of the plugin you are using? The original or the modified
version?
Timo
From linux at codehelp.co.uk Fri Oct 15 13:19:32 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Fri Oct 15 13:19:00 2004
Subject: Can a new version use old keys?
In-Reply-To: <416F41A5.4060600@yahoo.com>
References: <416F41A5.4060600@yahoo.com>
Message-ID: <200410151219.35520.linux@codehelp.co.uk>
On Friday 15 October 2004 4:19 am, Pip Jones wrote:
> I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having
> trouble decrypting. Do I need to regenerate the keys or should the old
> keys still work in the new version?
More information needed, but generally the keys will continue to work. There
are some keys that 1.2.1 can use that 1.0.6 cannot so it's best to upgrade
anyway.
> I'm encrypting on Linux and decrypting on Windows, something which has
> been working fine for years with 1.0.6.
So what (exactly) is the error message?
What kind of keys are you using (gpg --list-key keyid)
What are you using to decrypt on Windows? WinPT or PGP?
Can you decrypt the files on GNU/Linux?
(i.e. before you send them)
Can you decrypt files sent from the Windows box on the GNU/Linux box?
How are you transferring the files?
Are you using ASCII armour for the encrypted files? (Make sure if you are then
using FTP to use ASCII transfer, not binary).
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041015/f4e3bd42/attachment-0001.bin
From dshaw at jabberwocky.com Fri Oct 15 14:13:46 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Fri Oct 15 14:10:45 2004
Subject: Error Message
In-Reply-To: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net>
References: <3E54A6BA1EAFD311AD75009027DEA5C02681855D@conmsx04.corp.acxiom.net>
Message-ID: <20041015121345.GD14854@jabberwocky.com>
On Thu, Oct 14, 2004 at 04:51:59PM -0500, Lawson Paul - plawso wrote:
> Does anyone know what the error message:
>
> gpg: [don't know]: invalid packet (ctb=60)
>
> is trying to tell me?
It means "corrupted message". Seven times out of ten, it means
someone transferred the file via ASCII ftp instead of BINARY ftp and
so got flipped bits.
David
From nico-linux-gnupg at schottelius.org Fri Oct 15 15:11:03 2004
From: nico-linux-gnupg at schottelius.org (Nico Schottelius)
Date: Fri Oct 15 15:07:35 2004
Subject: Extracting information from a key
In-Reply-To: <871xg19fyz.fsf@wheatstone.g10code.de>
References: <20041014140922.GF14931@schottelius.org>
<871xg19fyz.fsf@wheatstone.g10code.de>
Message-ID: <20041015131103.GH695@schottelius.org>
Werner Koch [Thu, Oct 14, 2004 at 10:56:04PM +0200]:
> On Thu, 14 Oct 2004 16:09:22 +0200, Nico Schottelius said:
>
> > - display the ID of it (readable by other programs)
> > - display E-Mail, Name
> > - display signatures on the key
> > - display other information (key type, length)
>
> Some ietms are displayed with -i
Sounds good, but is there any promise the output won't change?
Using
scice% cat my-pgp-key | gpg -i
pub 1024D/8D0E27A4 2003-01-12 Nico Schottelius (the penguin gets you)
uid Nico Schottelius (the penguin gets you)
uid Nico Schottelius (business)
uid Nico Schottelius (the penguin gets you)
sub 4096g/3976EA51 2003-01-12 [expires: 2007-01-11]
sub 4096R/C251BAE5 2004-05-08 [expires: 2007-05-08]
works fine, but when trying with --status-fd option (which I use
for communication between my program and gpg) the output is still the
same and using
scice% cat my-pgp-key | gpg -i --status-fd 3 3>&1 >/dev/null
does not display any output
(`cat my-pgp-key | gpg -i --status-fd 3 3>&1` displays the same as
just using gpg -i).
`cat my-pgp-key | gpg -v` is as good/bad useable, as it's still
human readable output, which is not bad, but which could perhaps change.
Using
scice% cat my-pgp-key | gpg -v --status-fd 3 3>&1 | grep 'GNUPG:'
gpg: armor header: Version: GnuPG v1.2.5 (GNU/Linux)
gpg: NOTE: signature key 401F6AA5 expired Wed Nov 13 16:03:36 2002 CET
[GNUPG:] KEYEXPIRED 1037199816
[GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
I don't get any useful information.
Are there any plans to realize putting this information to the status-channel,
so other programs can simply extract this information?
Or do you (the developers) tell me that the output of gpg -v or gpg -i
will never change? If so, I'll be able to use the standard human output.
Thanks for any information again,
Nico
--
Keep it simple & stupid, use what's available.
Please use pgp encryption: 8D0E 27A4 is my id.
http://nico.schotteli.us | http://linux.schottelius.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : /pipermail/attachments/20041015/ab18c263/attachment.bin
From atom at suspicious.org Fri Oct 15 16:54:15 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Oct 15 16:51:17 2004
Subject: Extracting information from a key
In-Reply-To: <20041015131103.GH695@schottelius.org>
References: <20041014140922.GF14931@schottelius.org>
<871xg19fyz.fsf@wheatstone.g10code.de>
<20041015131103.GH695@schottelius.org>
Message-ID: <20041015105208.J29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, 15 Oct 2004, Nico Schottelius wrote:
> Sounds good, but is there any promise the output won't change?
=========
if you want the output to be readable by a script and/or stable for the
foreseeable future, use "--with-colons".
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"If the [Foreign Corrupt Practices] Law were applied to the
president and the political parties, they'd all be sitting
in the cooler."
-- Raymond Plank, president Apache Corp.,
noting that an annual questionnaire he signs under
that law requires him to attest that his company doesn't
bribe foreign officials for business
(USA Today, 10/26/1998)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBb+ScAAoJEAx/d+cTpVcigTEIAJZ9vDGNyjXVCd2WUF3ZG5EW
P43/1+dE8ftIjPvO4D2IWPmchz/1W4DIUVCnTHc3aa/vkx5EnC8t8IIL+1B1WBBI
35Zs1Q39H//yxTZNdEx3yEG6Kj4Oxy2+S5GPw1iScBq3fyhxdxuI+dmXjUA0G/BZ
KIhy6lFJUY6wuj4dBcNBMiLG25+1HXC9PzwUxq3RyetB08+VAA11mrCkK3k5GDMn
ZS+Vydahnu1n2WwVTy1WvF+z6NPp7ojTrFyvXiF4pl7lqZ76cFRAsoHJ2NhsaE2T
WVk/TI6yCMv3BqY9hz3GkfgUFF121KwimId01+IuI49lnuNViWs1dtLpZB+S/8M=
=g3+e
-----END PGP SIGNATURE-----
From atom at suspicious.org Fri Oct 15 16:56:33 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Fri Oct 15 16:53:19 2004
Subject: Can a new version use old keys?
In-Reply-To: <416F41A5.4060600@yahoo.com>
References: <416F41A5.4060600@yahoo.com>
Message-ID: <20041015105539.E29334@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, 15 Oct 2004, Pip Jones wrote:
> I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having
> trouble decrypting. Do I need to regenerate the keys or should the old
> keys still work in the new version?
>
> I'm encrypting on Linux and decrypting on Windows, something which has
> been working fine for years with 1.0.6.
===============
check out the man page and other docs about "--rebuild-keydb-caches".
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"They tell us that we live in a great free republic;
that our institutions are democratic; that we are
a free and self-governing people. That is too much,
even for a joke. Wars throughout history have been
waged for conquest and plunder. And that is war in
a nutshell. The master class has always declared
the wars; the subject class has always fought the
battles."
-- Eugene V. Debs, 1918
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBb+UnAAoJEAx/d+cTpVcidx4H/0bniYZ4lLPCev2XYero9/UZ
6do0wqKWzki+saNFlxgAy9z7eD5/HtM5HsNLCO44Qg6E+nx1nCdn68pjrILSEf7C
mAj6vw3X8a/fD73X9A63g9ub12f5KWYE3pEgoKmvDUEmZQLuLdOncIYj4AmIEudP
R9cBgy6HYdtr0d/bYobHEAzI+XJd0FP1vWklqtgXYAGI5X+TqhtoIw7NOss79bn/
BbLz+UB+7tCxucqIKzDdc4HNiFJ2LQh8QtKG6S2T+fNFffkhAo8uHXtL5KbghCKy
GO8bYCZ7/1BZHvik9hflucWX7qndVAbDYHaJIlWyhfD7mC8U/C+YN5eymM804dI=
=2rIB
-----END PGP SIGNATURE-----
From johanw at vulcan.xs4all.nl Fri Oct 15 19:49:03 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Fri Oct 15 20:06:32 2004
Subject: Can a new version use old keys?
In-Reply-To: <416F41A5.4060600@yahoo.com> from Pip Jones at "Oct 15,
2004 01:19:01 pm"
Message-ID: <200410151749.TAA00940@vulcan.xs4all.nl>
Pip Jones wrote:
>I've recently been forced to upgrade from 1.0.6 to 1.2.1 and am having
>trouble decrypting. Do I need to regenerate the keys or should the old
>keys still work in the new version?
There was a format change between 1.0.6 and 1.0.7 (to be honest, I think
that 1.0.7 is a wrong version number; 1.2.0 would have been more
accurate for that version.
You should run gpg --rebuild-keydb-caches. In the tools directory of the
source distribution, there is a script convert-from-106. You can use that
too to convert the keys.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From dshaw at jabberwocky.com Sat Oct 16 14:46:21 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Oct 16 15:02:11 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
Message-ID: <20041016124621.GA19126@jabberwocky.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
The latest release from the development branch of GnuPG is ready for
public consumption. This is a branch to create what will extremely
soon become the new stable release of GnuPG 1.4.
We strongly encourage people to try this development release and
report any feedback or problems to gnupg-devel@gnupg.org. If you have
been waiting until the 1.4 release is imminent before trying the code,
that time is now.
The files are available from:
Gzipped:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz (3.7M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.gz.sig
Bzip2ed:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2 (2.5M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.91.tar.bz2.sig
or as a patch against the 1.3.90 source:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.90-1.3.91.diff.gz (1.9M)
MD5 checksums for the files are:
839e1404fa7b59fb815f44527da2b821 gnupg-1.3.90-1.3.91.diff.gz
bc03e5651387e996f122ecfdb970211b gnupg-1.3.91.tar.gz
fb0f58ff5392c6c20759cd9de190c659 gnupg-1.3.91.tar.bz2
SHA1 checksums for the files are:
eabf07abc4ca2deddfc917d55f340440331e2a0d gnupg-1.3.90-1.3.91.diff.gz
d67a2d0fd640b1d38e3e34efa9430698c54e7a55 gnupg-1.3.91.tar.gz
f1e9a9c00bd48165f7da0824504f2ee4551a5bf0 gnupg-1.3.91.tar.bz2
Noteworthy changes in version 1.3.91 (2004-10-15)
- -------------------------------------------------
* A new configure option --enable-selinux-support disallows
processing of confidential files used by gpg (e.g. secring.gpg).
This helps writing ACLs for the SELinux kernel.
* Support for fetching keys via finger has been added. This is
useful for setting a preferred keyserver URL like
"finger:wk@g10code.com".
* Timeout support has been added to the keyserver helpers. This
allows users to set an upper limit on how long to wait for the
keyserver before giving up.
* New "direct" trust model where users can set key validity
directly if they do not want to participate in the web of trust.
* Minor bug fixes, code and string cleanups.
Enjoy!
The GnuPG team (David, Stefan, Timo and Werner)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.91-cvs (GNU/Linux)
iGoEARECACoFAkFxGB0jGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8mnQgCfS+jst/eis2ZMQte8KrAvemYruPQAoMGcKpvBXtsO
7yB1ZQEScS64N09d
=lVRT
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From dshaw at jabberwocky.com Sat Oct 16 15:22:23 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sat Oct 16 15:19:21 2004
Subject: Decryption of truncated data?
In-Reply-To: <416F85B2.8050309@yahoo.com>
References: <416F85B2.8050309@yahoo.com>
Message-ID: <20041016132222.GC19126@jabberwocky.com>
On Fri, Oct 15, 2004 at 06:09:22PM +1000, Pip Jones wrote:
> Is it possible to decrypt a data block which has the first 43 bytes
> missing?!
>
> I inherited a wrapper script which was removing the PGP headers and
> footers using hard-coded string lengths, but after a GPG upgrade, the
> headers changed length and this part of the data was truncated. I've now
> got lots of small data blocks (around 1k) I need to decrypt.
>
> I know this is unlikely due to the damaged structure of the encrypted
> data, CRCs, etc. but is there any way of recovering the partial
> remaining data?
Unfortunately, if you lost 43 bytes into a message, you lost part of
the session key. You won't be able to decrypt without the session
key.
However, are we talking about ASCII armored messages (i.e. "BEGIN PGP
MESSAGE", etc) ? If so, then 43 bytes in may not even have touched
the actual message data. It depends on how big the headers are. The
default GnuPG headers are longer than 43 bytes.
David
From sckbr at alltel.net Sat Oct 16 16:17:33 2004
From: sckbr at alltel.net (Bob)
Date: Sat Oct 16 16:14:41 2004
Subject: Archives
Message-ID: <41712D7D.8090602@alltel.net>
How do I locate the gnupg archives?
I also need help with Thunderbird and it's "error" message informing
me that I need to set up one or more personnel Public key for
certificates, and would I like to do that now. When clicking "yes"
nothing happens?
Why is there a double Public key block?
Thank you.
Regards,
Bob
0x0C9D3FB1188C8F29
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
mQGiBEFpPCoRBADL9NUElEqVYzeJ8w6ZmvrfUGfceTra2HkH72sKYdBV0fZ+Nvfb
8JnRJzUZIdeilWGEROOQn+i6JfIKBq9Emnzi4IoR05+8gQRefRO8mhUNRwkyM1bk
9FGiDp3KXkzxQyYLvRkTjoA80Cn2/aWu8k2b4kh743/Q24tiDho/TFAAMwCgw36W
vPv6+w7TY3FSRnr0yWyDTjEEAI9nLxuhewM0Uv1vTQhLuDgwUuAqGeA0Gg/+Wlx5
u43C3Bu5aFJXIqD2Ygm/ADBHxUNJ2F3QJBoSW+DbEgXpxV0IBsrhvhc28EqvoJ6K
ubfdCNgdmu5uhorbxOnd7Iv8i+NOMOHb2P5ywof3lhAdUruHX665DX48lwo7QfsJ
XphcA/4/ibZlYA5zeRApBjhWQFaYnDhBxUvISv6Tv9r8w0NeqpA3+xcLkNgyZJBK
drtyBclD5R38K5gDVTepJASlaTbRo0SCtFZNYxH7rajDS26e6r/Jo7SKhy1Ukoeo
ZdoO5Q2hnqAhi+yiDyPKIGBQ2zQqN++9Darz3YvWvvbTrrBrELQzQm9iIChaZW5h
IGlzIHBhcnQgb2Ygb3VyIGZ1dHVyZSkgPHNja2JyQGFsbHRlbC5uZXQ+iFwEExEC
ABwFAkFpPCoHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEAydP7EYjI8pDegAnjPL
CkZSgr/EnGCFPJYL7rt7g5M2AJ9FCeZJH5pIN2I8SLdLrehusKUBfLkBDQRBaTws
EAQAsPyOFWkgRxKDku6QrBX/hUoC4ONaKfe7csgowxBOms3ln0wOqVN0OKBXJk/o
bYh3RdIbQbU1Kt/7o5sVh8ZKIhj8AJhpax+IoPThbHh/YCZWNX77sMYu2dVQLl+I
kNAWCbGw6KM0OQNw2dEhi/tocF8Z2YqL5tu/Nuq+0EGvAf8AAwUEAJa+WhhqKw7i
570jArIfhgf6eceLUm5jCJUXQFqHwcmRdR1+Y1p0o2SufPXkreHO/ay3zMM5QqA0
Uzw6/KlUrhJaK0VnrPDnhlw4kBtM1AS3iEfTi+3pTY50SbM4m8fTuNSY9RK9ZT7J
YWvmF+hDgMrXYjTbxfTMInbcZz27S2KwiEYEGBECAAYFAkFpPCwACgkQDJ0/sRiM
jymGqQCeIGfoPnDUJ/lBOyxGgp9ocdd8eTQAoKse0cG4KWdZLfW5AsvdkuZCkt0Y
=Kozg
-----END PGP PUBLIC KEY BLOCK-----
Public key for 0x0C9D3FB1188C8F29
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
mQGiBEFpPCoRBADL9NUElEqVYzeJ8w6ZmvrfUGfceTra2HkH72sKYdBV0fZ+Nvfb
8JnRJzUZIdeilWGEROOQn+i6JfIKBq9Emnzi4IoR05+8gQRefRO8mhUNRwkyM1bk
9FGiDp3KXkzxQyYLvRkTjoA80Cn2/aWu8k2b4kh743/Q24tiDho/TFAAMwCgw36W
vPv6+w7TY3FSRnr0yWyDTjEEAI9nLxuhewM0Uv1vTQhLuDgwUuAqGeA0Gg/+Wlx5
u43C3Bu5aFJXIqD2Ygm/ADBHxUNJ2F3QJBoSW+DbEgXpxV0IBsrhvhc28EqvoJ6K
ubfdCNgdmu5uhorbxOnd7Iv8i+NOMOHb2P5ywof3lhAdUruHX665DX48lwo7QfsJ
XphcA/4/ibZlYA5zeRApBjhWQFaYnDhBxUvISv6Tv9r8w0NeqpA3+xcLkNgyZJBK
drtyBclD5R38K5gDVTepJASlaTbRo0SCtFZNYxH7rajDS26e6r/Jo7SKhy1Ukoeo
ZdoO5Q2hnqAhi+yiDyPKIGBQ2zQqN++9Darz3YvWvvbTrrBrELQzQm9iIChaZW5h
IGlzIHBhcnQgb2Ygb3VyIGZ1dHVyZSkgPHNja2JyQGFsbHRlbC5uZXQ+iFwEExEC
ABwFAkFpPCoHCwkIBwMCAQMVAgMDFgIBAh4BAheAAAoJEAydP7EYjI8pDegAnjPL
CkZSgr/EnGCFPJYL7rt7g5M2AJ9FCeZJH5pIN2I8SLdLrehusKUBfLkBDQRBaTws
EAQAsPyOFWkgRxKDku6QrBX/hUoC4ONaKfe7csgowxBOms3ln0wOqVN0OKBXJk/o
bYh3RdIbQbU1Kt/7o5sVh8ZKIhj8AJhpax+IoPThbHh/YCZWNX77sMYu2dVQLl+I
kNAWCbGw6KM0OQNw2dEhi/tocF8Z2YqL5tu/Nuq+0EGvAf8AAwUEAJa+WhhqKw7i
570jArIfhgf6eceLUm5jCJUXQFqHwcmRdR1+Y1p0o2SufPXkreHO/ay3zMM5QqA0
Uzw6/KlUrhJaK0VnrPDnhlw4kBtM1AS3iEfTi+3pTY50SbM4m8fTuNSY9RK9ZT7J
YWvmF+hDgMrXYjTbxfTMInbcZz27S2KwiEYEGBECAAYFAkFpPCwACgkQDJ0/sRiM
jymGqQCeIGfoPnDUJ/lBOyxGgp9ocdd8eTQAoKse0cG4KWdZLfW5AsvdkuZCkt0Y
=Kozg
-----END PGP PUBLIC KEY BLOCK-----
From shavital at mac.com Sat Oct 16 18:19:57 2004
From: shavital at mac.com (Charly Avital)
Date: Sat Oct 16 18:16:54 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041016124621.GA19126@jabberwocky.com>
References: <20041016124621.GA19126@jabberwocky.com>
Message-ID: <387DD84E-1F8F-11D9-9E67-000A95D5D874@mac.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Built under Mac OS X 10.3.5 - Darwin 7.5.0 - CPU Type:PowerPC G4 (1.1)
Including idea.
Thanks to the GnuPG team (David, Stefan, Timo and Werner).
Charly
On Oct 16, 2004, at 8:46 AM, David Shaw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> The latest release from the development branch of GnuPG is ready for
> public consumption. This is a branch to create what will extremely
> soon become the new stable release of GnuPG 1.4.
> [...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.91 (Darwin)
iD8DBQFBcUo78SG5rMkbCF4RApZmAJ40HB6aS3aNi2ok8+wn5s62E1JqrwCbBuFz
Qd+Op/sTd7Zi1kZCx7PG0Kc=
=ZcyO
-----END PGP SIGNATURE-----
From zuxy.meng at gmail.com Sat Oct 16 18:49:03 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sat Oct 16 18:45:43 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041016124621.GA19126@jabberwocky.com>
References: <20041016124621.GA19126@jabberwocky.com>
Message-ID:
Just two little problems under Win32.
1. Line 782 of g10/http.c, you forgot to add
"addr.sin_addr.S_un.S_addr=inaddr;" after
"addr.sin_port=htons(port);". This will cause gpgkeys_hkp/gpgkeys_http
always tries to connect to 0.0.0.0.
2. Line 124 of keyserver/gpgkeys_finger.c, you wrote "memcpy
(&ad.sin_addr, &l, sizeof l);" while it should be "memcpy
(&addr.sin_addr, &l, sizeof l);".
All other's fine till now. Salut to the team!
On Sat, 16 Oct 2004 08:46:21 -0400, David Shaw wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> The latest release from the development branch of GnuPG is ready for
> public consumption. This is a branch to create what will extremely
> soon become the new stable release of GnuPG 1.4.
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From dshaw at jabberwocky.com Sun Oct 17 01:09:49 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Sun Oct 17 01:06:56 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To:
References: <20041016124621.GA19126@jabberwocky.com>
Message-ID: <20041016230949.GH19126@jabberwocky.com>
On Sun, Oct 17, 2004 at 12:49:03AM +0800, Zuxy wrote:
> Just two little problems under Win32.
>
> 1. Line 782 of g10/http.c, you forgot to add
> "addr.sin_addr.S_un.S_addr=inaddr;" after
> "addr.sin_port=htons(port);". This will cause gpgkeys_hkp/gpgkeys_http
> always tries to connect to 0.0.0.0.
>
> 2. Line 124 of keyserver/gpgkeys_finger.c, you wrote "memcpy
> (&ad.sin_addr, &l, sizeof l);" while it should be "memcpy
> (&addr.sin_addr, &l, sizeof l);".
Both fixed, thanks!
David
From pt at radvis.nu Sun Oct 17 20:53:44 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Sun Oct 17 20:48:40 2004
Subject: Comments to armored output was: Re: Can a new version use old keys?
In-Reply-To: <20041015105539.E29334@willy_wonka>
References: <416F41A5.4060600@yahoo.com>
<20041015105539.E29334@willy_wonka>
Message-ID: <6.1.2.0.2.20041017204740.02d15728@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Any hints how to make comments to armoured output. I tried adding the
following comment using the GPG-options in WinPT (one line):
Vad ?r en pgp-signatur?
http://www.clipanish.com/Saker_e-post/saker_e-post.html
Messages cannot be decrypted/verified by EudoraGPG or GPGrelay. WinPT
works OK.
Per Tunedal
Keyid: 0xAE053BE0
Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0
At 16:56 2004-10-15, you wrote:
>This mail was signed (Inlined PGP-Message).
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.3.6 (FreeBSD)
>Comment: What is this gibberish?
>Comment: http://atom.smasher.org/links/#digital_signatures
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Vad ?r en PGP-signatur?
http://www.clipanish.com/Saker_e-post/saker_e-post.html
iD8DBQFBcr+maDDfzFT+2PIRAiosAKCQyt19dwNfjYtz0nrJcJI8u4wh+QCfUdfj
g3Sbr7TASJyIgnhOMHPGe+Y=
=/xto
-----END PGP SIGNATURE-----
From atom at suspicious.org Sun Oct 17 20:59:21 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sun Oct 17 20:56:13 2004
Subject: Comments to armored output was: Re: Can a new version use old
keys?
In-Reply-To: <6.1.2.0.2.20041017204740.02d15728@localhost>
References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka>
<6.1.2.0.2.20041017204740.02d15728@localhost>
Message-ID: <20041017145436.V98120@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sun, 17 Oct 2004, Per Tunedal Casual wrote:
> Any hints how to make comments to armoured output. I tried adding the
> following comment using the GPG-options in WinPT (one line):
> Vad är en pgp-signatur?
> http://www.clipanish.com/Saker_e-post/saker_e-post.html
>
> Messages cannot be decrypted/verified by EudoraGPG or GPGrelay. WinPT
> works OK.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Vad är en PGP-signatur?
> http://www.clipanish.com/Saker_e-post/saker_e-post.html
==================
1.2.x only supports 1 comment line. a comment that doesn't start with
"Comment:" could cause problems, which seems to be the case with your
comment line starting with http://...
you'll have to make your comment short enough to fit on one line or
upgrade to 1.3.x. i used to use long comment lines and never had a problem
with the lines wrapping.
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The lawgiver, of all beings, most owes the law allegiance.
He of all men should behave as though the law compelled him.
But it is the universal weakness of mankind that what we are
given to administer we presently imagine we own."
-- H.G. Wells
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBcsEOAAoJEAx/d+cTpVcici8H/Ar5TIzCImrYSu6nTzp4LRBe
zZ3FQkCVYt7TJ1q8d2PkDPrMS3bF04x56S1V5vgl1abHCgtM7WLY9/h3JKpB7iy6
ylTW8pYV7QtgIxuuBuHTiAhOLHWhoLoY1gc/dUwpBi0SBVtQcTokl0U0FQSwL7hW
arujCiAnxh+mNVx7lCLcvCgkrH2BDt5Y6xVbhhJQdl4DfUrViIjwt4/NZJfk8vSS
6CsPS+e6+jAfHE5FLsFD0HG5tksH4R6XPVQw4vM7TSBKc/8HEzwWhRC3gRUjcnjq
ui3sB+baSBc+igk5HSWDazYbY04/3qLpQIib4agYAG2R88EB7TapL8RuIStLDTA=
=V7pc
-----END PGP SIGNATURE-----
From atom at suspicious.org Sun Oct 17 21:05:33 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Sun Oct 17 21:02:16 2004
Subject: Comments to armored output was: Re: Can a new version use old
keys?
In-Reply-To: <20041017145436.V98120@willy_wonka>
References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka>
<6.1.2.0.2.20041017204740.02d15728@localhost>
<20041017145436.V98120@willy_wonka>
Message-ID: <20041017150239.M98120@willy_wonka>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.5 (MingW32)
>> Comment: Vad är en PGP-signatur?
>> http://www.clipanish.com/Saker_e-post/saker_e-post.html
================
of course "format=flowed" caused that line to unfold when i fwd'd it...
this ~should~ appear the same way it was received...
the raw message i received breaks that into two lines, the first line
starting with "Comment:" and the second line starting with "http://"
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Facts are stupid things."
-- Ronald Reagan (1988)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBcsKEAAoJEAx/d+cTpVcixCYH/226vhyRlSefOGZzVOv/+iYj
x7lXbG9Unadr8op9dVrfIp/ktbchwcrbMhQJQEFgxgHAYaETwg5r+ANuNBoGcaFY
jeJ0SzkDeePZGwj5KQcKud+qzpGUDOyq245e3H0TU1x93dkOzSCd2owmal2CV399
djocA/30paHHARWISY/vqjsgTXKQTcICaUNtEhjdEQuAUFKQkx+j/X6v9m1FnYpk
j1cY++ZJ8ggZ56ToPbLAY1I7BJPNXBPaKgdM0dzk2/y5b6H8NoSFPukWfL9M/tnY
/YgFDoL9zr1DahgrYtzULPXqCBXcdq9J76xpB1hBNcQGN3F68yEIa1suUm1Z4D4=
=cpsj
-----END PGP SIGNATURE-----
From JPClizbe at comcast.net Sun Oct 17 22:51:57 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sun Oct 17 22:49:14 2004
Subject: Comments to armored output was: Re: Can a new version use old
keys?
In-Reply-To: <6.1.2.0.2.20041017204740.02d15728@localhost>
References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka>
<6.1.2.0.2.20041017204740.02d15728@localhost>
Message-ID: <4172DB6D.1070002@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Per Tunedal Casual wrote:
>
> Hi,
> Any hints how to make comments to armoured output. I tried adding the
> following comment using the GPG-options in WinPT (one line):
> Vad ?r en pgp-signatur?
>
For a line that long, you really need multiple comment lines which also
means you need GnuPG 1.3.x (x>=4, IIRC). 1.3.6 works nicely enough.
1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until
1.4 is released.
Then in gpg.conf:
comment "Vad ?r en pgp-signatur?"
comment "http://www.clipanish.com/Saker_e-post/saker_e-post.html"
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92-cvs (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBcttsHQSsSmCNKhARAvAfAKCkVreei6u+cuXzJ9pHiZqGyPaQ+QCeJ4/d
PvdexD1wQ0Ph0sLe1SAvSTk=
=zwG6
-----END PGP SIGNATURE-----
From jharris at widomaker.com Mon Oct 18 00:31:55 2004
From: jharris at widomaker.com (Jason Harris)
Date: Mon Oct 18 00:28:45 2004
Subject: new (2004-10-17) keyanalyze results (+sigcheck)
Message-ID: <20041017223154.GC1908@wilma.widomaker.com>
New keyanalyze results are available at:
http://keyserver.kjsl.com/~jharris/ka/2004-10-17/
Signatures are now being checked using keyanalyze+sigcheck:
http://dtype.org/~aaronl/
Earlier reports are also available, for comparison:
http://keyserver.kjsl.com/~jharris/ka/
Even earlier monthly reports are at:
http://dtype.org/keyanalyze/
SHA-1 hashes and sizes for all the "permanent" files:
3e9e7dceb58a58c0593bf3980374240053edd7db 10624248 preprocess.keys
6c72d7029b6ce551261a74dc318b43be19051083 6917551 othersets.txt
8854da743e5ac967007a4966a14ba27c5781d333 2717654 msd-sorted.txt
b0f152cbac2bff77aeed70a933fec6d7ac3e7b71 1484 index.html
d4f062a381ff5bb7e91cfff53e163a55ca7684a8 2289 keyring_stats
5c4c9f6680db1b9f93e8a16b2b46fda7dcaa8859 1067792 msd-sorted.txt.bz2
da19424a90c8aa156957e27c8ab16ddf1014b9de 26 other.txt
6ded6e427cf3199cc275c047fb8c645c39a4a447 1480101 othersets.txt.bz2
ba4eff2fd84dfa63444422538a417257a10ad121 4299693 preprocess.keys.bz2
7579f5b6eebbb276fb5d00d67cfe4722debb728f 10620 status.txt
615cb25c9bc1256d339584ae9d06d8069aca8c15 211332 top1000table.html
136717eb9011caadc719fed2386be193a3548331 30395 top1000table.html.gz
a2f1fc386801b31d8371c2b10ee13ba9e2c10506 10994 top50table.html
871e20a6fdcd2163a6636de37620f9fb6c124cc7 2579 D3/D39DA0E3
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041017/7dce4f75/attachment.bin
From wk at gnupg.org Mon Oct 18 10:58:29 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 18 10:59:26 2004
Subject: Comments to armored output was: Re: Can a new version use old
keys?
In-Reply-To: <4172DB6D.1070002@comcast.net> (John Clizbe's message of "Sun,
17 Oct 2004 15:51:57 -0500")
References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka>
<6.1.2.0.2.20041017204740.02d15728@localhost>
<4172DB6D.1070002@comcast.net>
Message-ID: <87wtxo5rnu.fsf@wheatstone.g10code.de>
On Sun, 17 Oct 2004 15:51:57 -0500, John Clizbe said:
> 1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until
> 1.4 is released.
1.3.91 should be considered a release candidate for 1.4, the jump in
the version number was made to indicate that we are going to release
1.4 RSN.
However, if you all stick to old development versions, we will either
not be able to release 1.4 soon or 1.4 will be released pretty much
untested which isn't good for a stable version.
BTW, sed(1) may also be used to insert more comment lines.
Shalom-Salam,
Werner
From pt at radvis.nu Mon Oct 18 13:31:11 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Mon Oct 18 13:26:20 2004
Subject: Comments to armored output was: Re: Can a new version use
old keys?
In-Reply-To: <4172DB6D.1070002@comcast.net>
References: <416F41A5.4060600@yahoo.com> <20041015105539.E29334@willy_wonka>
<6.1.2.0.2.20041017204740.02d15728@localhost>
<4172DB6D.1070002@comcast.net>
Message-ID: <6.1.2.0.2.20041018132559.0379f2c0@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 22:51 2004-10-17, you wrote:
>
>Per Tunedal Casual wrote:
>>
>> Hi,
>> Any hints how to make comments to armoured output. I tried adding the
>> following comment using the GPG-options in WinPT (one line):
>> Vad ?r en pgp-signatur?
>>
>
>For a line that long, you really need multiple comment lines which also
>means you need GnuPG 1.3.x (x>=4, IIRC). 1.3.6 works nicely enough.
>
>1.3.9x is a pretty fluid target for the time being. I'd use 1.3.6 until
>1.4 is released.
>
>Then in gpg.conf:
>
>comment "Vad ?r en pgp-signatur?"
>comment "http://www.clipanish.com/Saker_e-post/saker_e-post.html"
>
>- --
>John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Thank you!
I prefer to use the stable version on this computer, so I have made a
special page with a short URL to link to! The coming version 1.4 will be a
great improvement.
I will think about Werner's remark: I might set up some computer for
testing release candidates.
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBc6mdaDDfzFT+2PIRAn+1AJ9jA8bMcNG8j0NlgzOy3K0tOTtsDACfSkFm
u8NI8RvL+0Ka1PtMB1q0rTg=
=5WSC
-----END PGP SIGNATURE-----
From severi.salminen at siba.fi Tue Oct 19 11:15:46 2004
From: severi.salminen at siba.fi (Severi Salminen)
Date: Tue Oct 19 11:12:18 2004
Subject: Gnupg for Windows and key generation?
Message-ID: <4174DB42.5090007@siba.fi>
I created 2 keys with the Windows version of GnuPG (on WinXP). The
entropy gathering process was actually quite fast lasting a few seconds
maybe and I didn't have time to move the mouse or hit the keyboard
significantly. So:
1. How long does the entropy gathering last and how is it concluded that
enough entropy has been gathered?
2. Is there a way to prolong the process so that more user intervention
is possible? That would make me feel more secure ;-)
3. What are the actual factors that are "polled" during the period
besides mouse movement and keyboard?
4. What do all the symbols mean in the output: +, ., < and >? (Others?)
5. Would the usage of EGD (Entropy Gathering Daemond) allow me to gather
entropy longer or is that even necessary?
6. If all the above information is available somewhere I'd appreciate a
link.
Thanks in advance!
Severi Salminen
From scholz at informatik.tu-darmstadt.de Tue Oct 19 13:33:04 2004
From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich)
Date: Tue Oct 19 13:26:54 2004
Subject: Question about: "gpg: WARNING: message was not integrity protected"
Message-ID: <20041019113303.GC1491@informatik.tu-darmstadt.de>
Hi everybody. I'm using gnupg 1.2.2.
When I encode a file with
gpg -c -s
and decode it with
gpg --decode .gpg
I get the message:
gpg: WARNING: message was not integrity protected
Why? The FAQ says: "There is a small security glitch in the OpenPGP (and
therefore GnuPG) system; to avoid this you should always sign and encrypt a
message instead of only encrypting it."
I did sing the file. Did I?
And in another posting I read: "This isn't true any longer. OpenPGP now has
the MDC protection. Both GnuPG and PGP support it. MDC can be turned off
manually, or if you encrypt to a key that doesn't support it, it is switched
off automatically, but in general it is on."
So why do I still get this message? And what does it tell me? Am I doing
something wrong here?
Thank you, Uli
--
Ulrich Scholz
scholz@informatik.tu-darmstadt.de
http://www.intellektik.informatik.tu-darmstadt.de/~scholz
From zuxy.meng at gmail.com Tue Oct 19 13:39:38 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Tue Oct 19 13:36:14 2004
Subject: When to lock page under WinNT?
In-Reply-To:
References:
Message-ID:
I found in previous threads the interesting API VirtualLock, and MSDN
confirms this:
Pages that a process has locked remain in physical memory until the
process unlocks them or terminates.
I suppose it would appear in 1.4 but I haven't seen it in 1.3.91 yet.
Will it be in place, together with the reactivation of warning about
insecure memory under Win9x? Thanks.
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From zuxy.meng at gmail.com Tue Oct 19 15:50:07 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Tue Oct 19 15:46:42 2004
Subject: Question about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de>
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
Message-ID:
Yes you encrypted the file but symmetrically, i.e. you didn't encrypt
the file to someone's public key but to a passphrase. I don't if MDC
takes effect in such case.
And I don't know what that small security glitch was, either. Did that
allow bad men to alter encrypted packets without decrypting them?
On Tue, 19 Oct 2004 13:33:04 +0200, Scholz Ulrich
wrote:
> Hi everybody. I'm using gnupg 1.2.2.
>
> When I encode a file with
>
> gpg -c -s
>
> and decode it with
>
> gpg --decode .gpg
>
> I get the message:
>
> gpg: WARNING: message was not integrity protected
>
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From twoaday at freakmail.de Tue Oct 19 19:49:29 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Tue Oct 19 19:44:32 2004
Subject: Announcement for Outlook GPG Version 0.93
Message-ID: <20041019174929.GA527@daredevil.joesixpack.net>
Hi!
After a long time, g10 Code GmbH decided to update the code of the
Outlook GPG plugin (originally written by G-DATA). This version
fixes a lot of problems reported by users on several mailing lists.
All users who have problems with their current Outlook GPG version might
want to update their files to see if this version fixes the problems.
You can download the zip archive and the digital signature here:
ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip (99k)
ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip.sig
MD5 checksums for the files are:
49cb0af4000669f3c5f86fc6629e7479 outlgpg-0.93.zip
1c3ff5931409f8cfc197c4a3616010b1 outlgpg-0.93.zip.sig
Noteworthy changes in version 0.93
==================================
- New interface which is more generic and tries to be a
complete wrapper around the GPG binary.
- Logging support to make it easier to track down errors
and to allow remote debugging.
- Keylisting now supports keys which only consist of one
primary key (RSA Sign-Encrypt, old v3 Keys, ElGamal).
- The users email address is used to identify the recipient.
This way GPG automatically decides what subkey to use.
- The plaintext is used for replying mails.
- Show some information about the GPG data as part of the message.
For example the a 'gpg -k' like output if the message contain
one or more public keys.
Or if there was a problem with decryption use the GPG output message.
- New GPG I/O subsystem to fix some hanging processes.
- Store all user ID's to improve the searching system.
That's it.
g10 Code GmbH (http://www.g10code.com) of course also provides
commercial support for the plugin and other GPG components.
Timo
From atom at suspicious.org Tue Oct 19 20:14:16 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 19 20:17:42 2004
Subject: Question about: "gpg: WARNING: message was not
integrity protected"
In-Reply-To:
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
Message-ID: <20041019181425.10837.qmail@suspicious.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> wrote:
>> Hi everybody. I'm using gnupg 1.2.2.
>>
>> When I encode a file with
>>
>> gpg -c -s
>>
>> and decode it with
>>
>> gpg --decode .gpg
>>
>> I get the message:
>>
>> gpg: WARNING: message was not integrity protected
=================
AFAIK that's been fixed since 1.2.2. if you're encrypting with a version
that isn't current you may get that message on decryption, but it's
nothing to be concerned or worried about.
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"The first duty of a revolutionary is to get away with it."
-- Abbie Hoffman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBdVl9AAoJEAx/d+cTpVcicVQIAK++V1l36Qi8XCiKtaiHLx4s
A7elQXriiBfQgbqh/DOC8bBt1jxGyGR+iT/+MDdK5ibBhWUyRpfPUTzV28eCkgz6
YJ8paG58iaUhXD8UAI2sS5qmN7vUQvcDKvnfTTkbEsofJbByE8FHbLJWp4Y6CBn2
N2f3IfftabP6tj7UQUioDRvCjhh+hPkEADushtrrdgUMgA5GSxCBRu/sjF5++8Ks
jYo1AiO3QhPOm/ucABf3MiErhbabq515X9YNP0S1tt9+5PcAbug4QJGRbp4solmU
AE6m9HXmCgKo1s4vZWX6G8GKJQc69wqwePgoSgu0fP6dQyzu+lb5wefU4ObvatQ=
=KavH
-----END PGP SIGNATURE-----
From scholz at informatik.tu-darmstadt.de Wed Oct 20 13:30:33 2004
From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich)
Date: Wed Oct 20 13:24:21 2004
Subject: Question about: "gpg: WARNING: message was not
integrity protected"
In-Reply-To: <20041019181425.10837.qmail@suspicious.org>
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
<20041019181425.10837.qmail@suspicious.org>
Message-ID: <20041020113033.GA1076@informatik.tu-darmstadt.de>
> >>Hi everybody. I'm using gnupg 1.2.2.
> >>
> >>I get the message:
> >>
> >> gpg: WARNING: message was not integrity protected
> =================
>
> AFAIK that's been fixed since 1.2.2. if you're encrypting with a version
> that isn't current you may get that message on decryption, but it's
> nothing to be concerned or worried about.
As I said, I _am_ using gnupg 1.2.2. That's the reason I'm asking.
Uli
--
Ulrich Scholz
scholz@informatik.tu-darmstadt.de
http://www.intellektik.informatik.tu-darmstadt.de/~scholz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041020/e15a3059/attachment.bin
From vedaal at hush.com Wed Oct 20 15:38:21 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 20 15:34:56 2004
Subject: generating a v4 rsa sign and encrypt keypair // no subkey generated
?
Message-ID: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com>
in 1.3.x, (in expert mode),
when generating an rsa v4 key, and choosing the selection:
'sign and encrypt' ,
gnupg creates an rsa v4 keypair that is sign and encrypt,
but does not have any subkeys
(similar to v3 keys)
i happen to like it, only in that it avoids confusion for some people
trying to reply to a key id in a signed message, and finding that the
key encrypted to is a different keyid,
was this the intention behind this key type,
or is there another reason that this is useful?
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From scholz at informatik.tu-darmstadt.de Wed Oct 20 16:03:08 2004
From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich)
Date: Wed Oct 20 15:57:01 2004
Subject: Question about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de>
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
Message-ID: <20041020140308.GA1913@informatik.tu-darmstadt.de>
On Tue, Oct 19, 2004 at 01:33:04PM +0200, Scholz Ulrich wrote:
> Hi everybody. I'm using gnupg 1.2.2.
>
> ...
> and decode it with
>
> gpg --decode .gpg
> ...
Of course, that should read
gpg --decrypt .gpg
Uli
PS. Now I've updated to gnupg 1.3.91. The behavior stayed the same.
--
Ulrich Scholz
scholz@informatik.tu-darmstadt.de
http://www.intellektik.informatik.tu-darmstadt.de/~scholz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
Url : /pipermail/attachments/20041020/08de84ca/attachment-0001.bin
From list at rachinsky.de Mon Oct 18 16:07:15 2004
From: list at rachinsky.de (Nicolas Rachinsky)
Date: Wed Oct 20 16:25:43 2004
Subject: How to find the reason for a revocation
Message-ID: <20041018140715.GA5824@pc5.i.0x5.de>
Hallo,
when I revoke a signature on an uid, gpg asks for the reason and a
description.
----
Please select the reason for the revocation:
0 = No reason specified
4 = User ID is no longer valid
Q = Cancel
(Probably you want to select 4 here)
Your decision? 4
Enter an optional description; end it with an empty line:
>
----
How can I view that information later?
Nicolas
From dshaw at jabberwocky.com Wed Oct 20 16:40:15 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Oct 20 16:37:33 2004
Subject: generating a v4 rsa sign and encrypt keypair // no subkey
generated ?
In-Reply-To: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com>
References: <200410201338.i9KDcMpL019717@mailserver3.hushmail.com>
Message-ID: <20041020144015.GA9798@jabberwocky.com>
On Wed, Oct 20, 2004 at 06:38:21AM -0700, vedaal@hush.com wrote:
> in 1.3.x, (in expert mode),
> when generating an rsa v4 key, and choosing the selection:
> 'sign and encrypt' ,
>
> gnupg creates an rsa v4 keypair that is sign and encrypt,
> but does not have any subkeys
> (similar to v3 keys)
>
> i happen to like it, only in that it avoids confusion for some people
> trying to reply to a key id in a signed message, and finding that the
> key encrypted to is a different keyid,
>
> was this the intention behind this key type,
> or is there another reason that this is useful?
There is no particular intent behind sign+encrypt keys. The standard
allows for them (but does not recommend them), and so GnuPG allows
them as well (and just as much does not recommend them - note that
they are hidden behind --expert).
David
From abjork at online.no Wed Oct 20 17:45:27 2004
From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=)
Date: Wed Oct 20 17:46:20 2004
Subject: Announcement for Outlook GPG Version 0.93
In-Reply-To: <20041019174929.GA527@daredevil.joesixpack.net>
Message-ID: <003c01c4b6bb$d2750340$6600a8c0@CEL2000>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org
> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Timo Schulz
> Sent: Tuesday, October 19, 2004 7:49 PM
> To: gnupg-users@gnupg.org; gnupg-users@gnupg.org
> Subject: Announcement for Outlook GPG Version 0.93
>
>
>
> Hi!
>
> After a long time, g10 Code GmbH decided to update the code of the
> Outlook GPG plugin (originally written by G-DATA). This version
> fixes a lot of problems reported by users on several mailing lists.
>
> All users who have problems with their current Outlook GPG
> version might
> want to update their files to see if this version fixes the problems.
> You can download the zip archive and the digital signature here:
>
> ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip (99k)
> ftp://ftp.g10code.com/g10code/outlgpg/outlgpg-0.93.zip.sig
>
> MD5 checksums for the files are:
>
> 49cb0af4000669f3c5f86fc6629e7479 outlgpg-0.93.zip
> 1c3ff5931409f8cfc197c4a3616010b1 outlgpg-0.93.zip.sig
>
Have been waiting for an updated a while, well done!
The only gripes I have with it is that users have to manually install it. With a dll needing to be registered and hard coded registry entries, it's not an easy task for a novice user.
Will g10 Code GmbH release a version with an installer?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFBdogRn1hjZcCMxG0RAle1AJ9kMAYcjT94MpFEWqJEnfKeav/JcQCeMEDw
aqrWboMCyhD3wCqz08WyQdM=
=5cJ1
-----END PGP SIGNATURE-----
From twoaday at freakmail.de Wed Oct 20 18:18:53 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Wed Oct 20 18:10:24 2004
Subject: Announcement for Outlook GPG Version 0.93
In-Reply-To: <003c01c4b6bb$d2750340$6600a8c0@CEL2000>
References: <20041019174929.GA527@daredevil.joesixpack.net>
<003c01c4b6bb$d2750340$6600a8c0@CEL2000>
Message-ID: <20041020161853.GA1924@daredevil.joesixpack.net>
On Wed Oct 20 2004; 17:45, Arild Bj?rk wrote:
[no CC is needed, since I'm subscribed on the list]
> The only gripes I have with it is that users have to manually install it.
> With a dll needing to be registered and hard coded registry entries,
> it's not an easy task for a novice user.
I should have say that this is mainly an update for people who have
already installed it. Of course it can be also used by somebody who
did it install a prior version but then the procedure is a little
uncomfortable (but not impossible!).
And of course it would be possible to use an installer with the
G-DATA plugin and then simply override the files. Then the step
with the manual registry modifications can be avoided.
> Will g10 Code GmbH release a version with an installer?
At the moment, I cannot answer this question.
Timo
From zwon at severodvinsk.ru Wed Oct 20 22:39:55 2004
From: zwon at severodvinsk.ru (Pawel Shajdo)
Date: Wed Oct 20 22:45:32 2004
Subject: How to find the reason for a revocation
In-Reply-To: <20041018140715.GA5824@pc5.i.0x5.de>
References: <20041018140715.GA5824@pc5.i.0x5.de>
Message-ID: <20041020203955.GA829@sky.schizandra.ru>
On Mon, Oct 18, 2004 at 04:07:15PM +0200, Nicolas Rachinsky wrote:
> when I revoke a signature on an uid, gpg asks for the reason and a
> description.
>
> ----
> Please select the reason for the revocation:
> 0 = No reason specified
> 4 = User ID is no longer valid
> Q = Cancel
> (Probably you want to select 4 here)
> Your decision? 4
> Enter an optional description; end it with an empty line:
> >
> ----
>
> How can I view that information later?
in 1.3.90:
gpg --with-colons --list-options show-sig-subpackets --list-key XXXXXXXX
--
Pawel I. Shajdo
From mamta.mehra at us.ing.com Wed Oct 20 22:15:32 2004
From: mamta.mehra at us.ing.com (Mamta Mehra)
Date: Thu Oct 21 09:40:35 2004
Subject: gpg: fatal: can't open /dev/urandom
Message-ID:
We are implementing PGP on Integration Server by using OpenPGP package from
webMethods. As required by OpenPGP package, we have installed/configured
GnuPG software in our DEV environment.
Environment details:
IS running on AIX 5.2
Integration Server 6.1
OpenPGP package version 1.1
GnuPG Version 1.5.8
The solution is implemented successfully in our DEV environment.
While migrating to QA environment, we ran into following-like error when
creating the PGP keys.
gpg: fatal: can't open /dev/urandom: There is a request to a device or
address that does not exist.
Our Unix team have verified the access to /dev/urandom device from user
that runs webMethods IS process. Alternatively, we have also failed to
create GPG keys when running as Unix root user.
We did think of using PGP keys from DEV environment to get around the
problem. However, the same error will occur when we use encrypt service
(pub.openpgp:encrypt) from OpenPGP package to encrypt the contents.
Looking forward for help.
Regards,
Mamta Mehra
ING AMERICAS - Technology Management Office
Phone: 612-342-3574
Mobile: 612-290-1024
Email: Mamta.Mehra@us.ing.com
------------------------------------------------------------------------------
NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
==============================================================================
From mamta.mehra at us.ing.com Wed Oct 20 22:27:35 2004
From: mamta.mehra at us.ing.com (Mamta Mehra)
Date: Thu Oct 21 09:40:42 2004
Subject: gpg: fatal: can't open /dev/urandom
Message-ID:
We are implementing PGP on Integration Server by using OpenPGP package from
webMethods. As required by OpenPGP package, we have installed/configured
GnuPG software in our DEV environment.
Environment details:
IS running on AIX 5.2
Integration Server 6.1
OpenPGP package version 1.1
GnuPG Version 1.5.8
The solution is implemented successfully in our DEV environment.
While migrating to QA environment, we ran into following-like error when
creating the PGP keys.
gpg: fatal: can't open /dev/urandom: There is a request to a device or
address that does not exist.
Our Unix team have verified the access to /dev/urandom device from user
that runs webMethods IS process. Alternatively, we have also failed to
create GPG keys when running as Unix root user.
We did think of using PGP keys from DEV environment to get around the
problem. However, the same error will occur when we use encrypt service
(pub.openpgp:encrypt) from OpenPGP package to encrypt the contents.
Looking forward for help.
Regards,
Mamta Mehra
ING AMERICAS - Technology Management Office
Phone: 612-342-3574
Mobile: 612-290-1024
Email: Mamta.Mehra@us.ing.com
------------------------------------------------------------------------------
NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
==============================================================================
From zuxy.meng at gmail.com Thu Oct 21 10:03:47 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Thu Oct 21 10:00:22 2004
Subject: GnuPG 1.3.91 Win32 Binary
In-Reply-To:
References: <3.0.5.32.20041018211850.012bd638@popc.ipa.net>
Message-ID:
No official binaries for delevopement version, especially for Win32.
But you can download my personal build for Win32 from my Yahoo!
briefcase at http://cn.briefcase.yahoo.com/zuxy0
And refer to my blog for details: http://zuxy.mysmth.net
Enjoy!
On Mon, 18 Oct 2004 21:18:50 -0500, Alan S. Jones wrote:
> Will there be various binaries including Win32 of the 1.3.9x series before
> the final 1.4?
>
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From wk at gnupg.org Thu Oct 21 10:58:05 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 21 10:59:24 2004
Subject: Question about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20041019113303.GC1491@informatik.tu-darmstadt.de> (Scholz
Ulrich's message of "Tue, 19 Oct 2004 13:33:04 +0200")
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
Message-ID: <87pt3cfnxe.fsf@wheatstone.g10code.de>
On Tue, 19 Oct 2004 13:33:04 +0200, Scholz Ulrich said:
> So why do I still get this message? And what does it tell me? Am I doing
> something wrong here?
That message is on purpose to remind people that they should use the
MDC feature. MDC is automagically handled through the preferences
system but with symmetrical only encrypted mails we don't have them
and thus we need to print the warning in all cases.
The MDC features solves a problem when an attacker modifies parts of
an encrypted messages, e.g. by cutting out some parts, and the user
did not noticed a couple of garbled characters (he might think this is
line noise).
This integrity protection is used independly from a signature.
Shalom-Salam,
Werner
From wk at gnupg.org Thu Oct 21 11:01:09 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 21 11:04:23 2004
Subject: Announcement for Outlook GPG Version 0.93
In-Reply-To: <003c01c4b6bb$d2750340$6600a8c0@CEL2000> (Arild
=?utf-8?q?Bj=C3=B8rk's?= message of "Wed, 20 Oct 2004 17:45:27 +0200")
References: <003c01c4b6bb$d2750340$6600a8c0@CEL2000>
Message-ID: <87lle0fnsa.fsf@wheatstone.g10code.de>
On Wed, 20 Oct 2004 17:45:27 +0200, Arild Bj?rk said:
> Will g10 Code GmbH release a version with an installer?
Yes, we will eventually do so.
Werner
From scholz at informatik.tu-darmstadt.de Thu Oct 21 12:32:13 2004
From: scholz at informatik.tu-darmstadt.de (Scholz Ulrich)
Date: Thu Oct 21 12:37:43 2004
Subject: Question about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <87pt3cfnxe.fsf@wheatstone.g10code.de>
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
<87pt3cfnxe.fsf@wheatstone.g10code.de>
Message-ID: <20041021103213.GA1522@informatik.tu-darmstadt.de>
On Thu, Oct 21, 2004 at 10:58:05AM +0200, Werner Koch wrote:
> That message is on purpose to remind people that they should use the MDC
> feature. MDC is automagically handled through the preferences system but
> with symmetrical only encrypted mails we don't have them and thus we need
> to print the warning in all cases.
You are right. If I encrypt a message with
gpg -c --force-mdc
then I don't get the warning on decryption. Maybe you should hint that in
the documentation (or maybe you did and I just too lazy to find it.)
Thank you, Uli
--
Ulrich Scholz
scholz@informatik.tu-darmstadt.de
http://www.intellektik.informatik.tu-darmstadt.de/~scholz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
Url : /pipermail/attachments/20041021/f0f5c856/attachment.bin
From wk at gnupg.org Thu Oct 21 17:23:17 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 21 17:24:31 2004
Subject: gpg: fatal: can't open /dev/urandom
In-Reply-To:
(Mamta Mehra's message of "Wed, 20 Oct 2004 15:27:35 -0500")
References:
Message-ID: <87pt3cdriy.fsf@wheatstone.g10code.de>
On Wed, 20 Oct 2004 15:27:35 -0500, Mamta Mehra said:
> OpenPGP package version 1.1
I don't know what this is.
> GnuPG Version 1.5.8
There is no official version with that release number. From where did
you get it?
Shalom-Salam,
Werner
From wk at gnupg.org Thu Oct 21 17:24:48 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 21 17:24:41 2004
Subject: Question about: "gpg: WARNING: message was not integrity
protected"
In-Reply-To: <20041021103213.GA1522@informatik.tu-darmstadt.de> (Scholz
Ulrich's message of "Thu, 21 Oct 2004 12:32:13 +0200")
References: <20041019113303.GC1491@informatik.tu-darmstadt.de>
<87pt3cfnxe.fsf@wheatstone.g10code.de>
<20041021103213.GA1522@informatik.tu-darmstadt.de>
Message-ID: <87lle0drgf.fsf@wheatstone.g10code.de>
On Thu, 21 Oct 2004 12:32:13 +0200, Scholz Ulrich said:
> then I don't get the warning on decryption. Maybe you should hint that in
> the documentation (or maybe you did and I just too lazy to find it.)
The MDC feature hast not yet been specified in an RFC, so it is kind
of inofficial. That will change soon.
Werner
From joelb at homeschools.org Thu Oct 21 17:48:07 2004
From: joelb at homeschools.org (Joel Bennett)
Date: Thu Oct 21 17:45:10 2004
Subject: CRC error supressed...still getting unspecific read error
Message-ID: <4177DA37.1080306@homeschools.org>
Hello,
I am using a php program to interface with our remotely hosted server's
pgp program. It emails the encrypted results to me. Everything was
working just fine and we were receiving and decrypting messages. Today
we got two emails that cannot be decrypted by Thunderbird/Enigmail. I
have received encrypted mail since and it has worked. I cannot figure
out why these two messages don't work. I jumped on gpg command line and
saw that I was getting the following:
CRC error; 7a00e7 - 82cded
I supressed the CRC error and got this:
gpg: block_filter 00908810: read error (size=8872,a->size=1408)
gpg: WARNING: message was not integrity protected
gpg: block_filter: pending bytes!
Here is the message:
-----BEGIN PGP MESSAGE-----
Version: PGP 6.5.8
qANQR1DBwE4DJBprY+AB5ZoQA/9KK9X/FKurHp9hwswbBuvDSGnT4Hg1FQQXqNEE
MPPjOoyts3lhc075qcjNCD+sQ+D0l0KcL4L4yWa/QG9uPWEzG0jmiEHVNsxhj9iM
nP27aHpTlSbZKyDSlNTvrCgzviydQBLgh0tslYOx/sgGpD4LW2S0emrjNYIlujlb
gk1kLgQAmWH5VTaNdQnjBuWBoi4nQq3etva2ZvS2h2g81sin8MCJMNk6YzZWGoHd
a6jyR81q4vqXo1pg4lzbxkocVMmSD0ZM1p47KqGU8yvL8u8VUAzTB9eclYcollAk
NTPeC1hQJPqf5BwaMG7+x1JWdEp02q7YUo/qLdw6Zjy5E5yXkafJwiXDtD6cEC+n
whuGFAP4o8eVkk3heXqFCHAuVmowaQMAYzcO5xhjHcpx/ogAnOBj/kAiJy3HnGPG
uWt9eNM+6MSghEG3QOugrj+yUykTJ0tTtP3TNcQd1wIYowLK0qtIgb/aG9GdPYOV
dPxaVas35p0nUbX8beHJsTQVtolLPlL2cjYJVyJ7ZaHXzxCBHiyHgROy1HMNuY6J
5NihV2sVmFlVKm+odpmGyRnJmU1ThXjETgAODhdXmT4eYehLrbOQtfFGotImL295
qkV7uOCrpbTYlJeA0bjH8zWhmeOFP+py2hJ21qMVm8WQSFzIscIlytU63vDr9e1w
krIwS75RnhQmV1WqKPd32RVwOjeqwHz4gA4A90CbxMLN3XawVH96ccaDqhg7T441
ImFP5sFNknMflMHK1SlkdVFva/ygdPlrVEe+xtuuuJHE89oIPjETYOtYZ66gd67Q
sbx/gZ7jcRFOpFPNqF024U9F3UXoFO/rkzG0d8ui87qxazt+Qrto/LYx1mSSoEOY
cUuCFWdv+h5nFlpiCxkSFRxdPXSPhgnh+CRZGfvpLaq08oHsLKxXejKHgK6Potdm
WEyT4th9zupD3n2ZRzlX/sXtdxyommj0oL53oyE0+4BwniLP7YpBxVDQcWV1BqSH
Kck+Y3R1G3IZFODQmHm8SFqB4XK1zopjC84CvGHtARfGjoFw69aTuOBKAAYGgJ5c
eaJWFEu/PgW/XA1CKKU8jn2Y5wCO316A9GyXZMcr3d/+0EYXYrjU7m8Y4ZsD7yn4
CviztqmXHtPWg8QzZDQg4Jfx7tYm2wK4fdBsKWrT28aTx3K6N2HdHYz+e99LcaRm
FAYV2cCOkCXJDtg8yvItyoDG55E79y2FQUwQBy5+pv9c1+X2ZJsNAndhern6KdrR
vivkqZsbpviam50jTFs=
=gs3t
-----END PGP MESSAGE-----
Any ideas?
--
Joel Bennett
CLASS Homeschools IT Department
847-259-4444 x157
From dshaw at jabberwocky.com Thu Oct 21 18:37:36 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Oct 21 18:34:53 2004
Subject: CRC error supressed...still getting unspecific read error
In-Reply-To: <4177DA37.1080306@homeschools.org>
References: <4177DA37.1080306@homeschools.org>
Message-ID: <20041021163735.GA20823@jabberwocky.com>
On Thu, Oct 21, 2004 at 10:48:07AM -0500, Joel Bennett wrote:
> Hello,
>
> I am using a php program to interface with our remotely hosted server's
> pgp program. It emails the encrypted results to me. Everything was
> working just fine and we were receiving and decrypting messages. Today
> we got two emails that cannot be decrypted by Thunderbird/Enigmail. I
> have received encrypted mail since and it has worked. I cannot figure
> out why these two messages don't work. I jumped on gpg command line and
> saw that I was getting the following:
>
> CRC error; 7a00e7 - 82cded
>
> I supressed the CRC error and got this:
>
> gpg: block_filter 00908810: read error (size=8872,a->size=1408)
> gpg: WARNING: message was not integrity protected
> gpg: block_filter: pending bytes!
This isn't surprising. The CRC error means that file is corrupt.
Supressing the CRC error just tells GnuPG to pretend that the file
isn't corrupt... but since it IS corrupt, it bombs out somewhere else.
David
From mamta.mehra at us.ing.com Thu Oct 21 17:32:33 2004
From: mamta.mehra at us.ing.com (Mamta Mehra)
Date: Thu Oct 21 18:54:15 2004
Subject: gpg: fatal: can't open /dev/urandom
Message-ID:
Sorry about the typo, we are using GnuPG version 1.2.1, OpenPGP is a
package which runs on webMethods Integration platform.
Thanks
Mamta Mehra
Werner Koch
To: Mamta Mehra/US/AMERICAS@AMERICAS
cc: gnupg-users@gnupg.org
10/21/2004 10:23 Subject: Re: gpg: fatal: can't open /dev/urandom
AM
On Wed, 20 Oct 2004 15:27:35 -0500, Mamta Mehra said:
> OpenPGP package version 1.1
I don't know what this is.
> GnuPG Version 1.5.8
There is no official version with that release number. From where did
you get it?
Shalom-Salam,
Werner
------------------------------------------------------------------------------
NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
==============================================================================
From wk at gnupg.org Thu Oct 21 19:13:19 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 21 19:14:23 2004
Subject: When to lock page under WinNT?
In-Reply-To: (zuxy.meng@gmail.com's
message of "Tue, 19 Oct 2004 19:39:38 +0800")
References:
Message-ID: <87vfd4dmfk.fsf@wheatstone.g10code.de>
On Tue, 19 Oct 2004 19:39:38 +0800, Zuxy said:
> Pages that a process has locked remain in physical memory until the
> process unlocks them or terminates.
We had long discussions on several Mailing lists over the years to
check what VirtualLock really does. The conclusion is that it does
not work in the described way. See Peter Gutmann's article on the RNG
or his book.
Recently some newer information might change the picture but tehre is
still no agreement.
> I suppose it would appear in 1.4 but I haven't seen it in 1.3.91 yet.
> Will it be in place, together with the reactivation of warning about
> insecure memory under Win9x? Thanks.
No, it won't appear in GnuPG unless there is a portable and working
way of doing so.
Werner
From pt at radvis.nu Thu Oct 21 22:14:56 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Thu Oct 21 22:10:17 2004
Subject: force-v3-sigs not necessary any longer?
Message-ID: <6.1.2.0.2.20041021221043.02d161f0@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have used --force-v3-sigs in my preferences for a long time. Is this not
necessary any longer? What PGP versions can handle V4 signatures?
Besides what is the difference between V3 and V4 signatures? Are V4
signatures safer? How?
V?nligen
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 H?gersten
Telefon: 08-646 34 83
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBeBjnaDDfzFT+2PIRAhvkAJ9kicjC0XzlbHDZ4ZvrRht3r/sakACfbB1l
9bXp/6lPBoC0G6ef7sdalvw=
=TaVi
-----END PGP SIGNATURE-----
From johanw at vulcan.xs4all.nl Thu Oct 21 21:34:04 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Oct 21 23:24:26 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041016124621.GA19126@jabberwocky.com> from David Shaw at "Oct
16, 2004 08:46:21 am"
Message-ID: <200410211934.VAA01604@vulcan.xs4all.nl>
David Shaw wrote:
[1.3.91 released]
Tested on my old Linux libc5 setup; builds and runs OK there.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From zuxy.meng at gmail.com Fri Oct 22 06:35:22 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Fri Oct 22 06:32:04 2004
Subject: When to lock page under WinNT?
In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de>
References:
<87vfd4dmfk.fsf@wheatstone.g10code.de>
Message-ID:
On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote:
> On Tue, 19 Oct 2004 19:39:38 +0800, Zuxy said:
>
> We had long discussions on several Mailing lists over the years to
> check what VirtualLock really does. The conclusion is that it does
> not work in the described way. See Peter Gutmann's article on the RNG
> or his book.
I remember Peter said something positive about VirtualLock in the
gnupg-devel list, early this year?
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From pt at radvis.nu Fri Oct 22 08:43:01 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Fri Oct 22 08:38:21 2004
Subject: Symmetric encryption and mdc
Message-ID: <6.1.2.0.2.20041022083318.02d167f0@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have learned that message protection (mdc) is not used by default when
using symmetric encryption (password encryption). I can verify this when
the default cipher CAST is used: The warning "Message was not integrity
protected" is displayed upon decryption.
What puzzles me is that this warning is not displayed if I specify the
cipher to AES. Is integrity protection always used with some ciphers?
Are there any drawbacks if I specify "force-mdc" in my gpg.conf-file?
Is it possible to change the default cipher for symmetric encryption?
Per Tunedal
Keyid: 0xAE053BE0
Fingerprint: D70D 9057 A985 4944 2191 995A 2D74 F09D AE05 3BE0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBeKwfaDDfzFT+2PIRAlRJAJsHbz3wfGhSIk8VuP6rWczyxfNXHwCfUcbj
AVr3O2DWiG97JnA3cA7HEr0=
=ecY8
-----END PGP SIGNATURE-----
From kairaven at arcor.de Fri Oct 22 09:32:41 2004
From: kairaven at arcor.de (Kai Raven)
Date: Fri Oct 22 09:52:53 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041016124621.GA19126@jabberwocky.com>
References: <20041016124621.GA19126@jabberwocky.com>
Message-ID: <20041022093241.373a5810@matrix.localdomain.intern>
Hello David,
On Sat, 16 Oct 2004 08:46:21 -0400 you wrote:
> We strongly encourage people to try this development release and
> report any feedback or problems to gnupg-devel@gnupg.org.
Compiles and runs without problems under Fedora Core 2
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 853 bytes
Desc: not available
Url : /pipermail/attachments/20041022/062ce39e/attachment.bin
From kairaven at arcor.de Fri Oct 22 09:54:16 2004
From: kairaven at arcor.de (Kai Raven)
Date: Fri Oct 22 10:16:03 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <6.1.2.0.2.20041022083318.02d167f0@localhost>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
Message-ID: <20041022095416.599cea88@matrix.localdomain.intern>
Hi Per,
On Fri, 22 Oct 2004 08:43:01 +0200 you wrote:
> Are there any drawbacks if I specify "force-mdc" in my gpg.conf-file?
compatibility problems with PGP versions < 8? Because pgp2, pgp6 and
pgp7 disable mdc.
> Is it possible to change the default cipher for symmetric encryption?
personal-cipher-preferences name1
the first named cipher will be used for symmetric encryption too
and/or
s2k-cipher-algo name
Use name as the cipher algorithm used to protect secret keys. The
default cipher is CAST5. This cipher is also used for conventional
encryption if --personal-cipher-preferences and --cipher-algo is not
given.
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
From zuxy.meng at gmail.com Fri Oct 22 10:23:50 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Fri Oct 22 10:20:23 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <6.1.2.0.2.20041022083318.02d167f0@localhost>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
Message-ID:
Mainly for compatibility reasons, GnuPG uses MDC for symmetric
encryption only if you're using a newer cipher, which in turn means
that the expected repecient has a better chance to have an MDC-enabled
decoder (pgp or gpg).
As for "force-mdc' in gpg.conf, I guess there's no drawback when you
symmetrically encrypt a file only to yourself.
On Fri, 22 Oct 2004 08:43:01 +0200, Per Tunedal Casual wrote:
> Hi,
>
> What puzzles me is that this warning is not displayed if I specify the
> cipher to AES. Is integrity protection always used with some ciphers?
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From pt at radvis.nu Fri Oct 22 15:09:17 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Fri Oct 22 15:35:00 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041022095416.599cea88@matrix.localdomain.intern>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
Message-ID: <6.1.2.0.2.20041022150701.03825008@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Kaj,
personal-cipher-preferences doesn't work with WinPT, only if I use GPG
directly, if I put it in my gpg.conf-file. I am using GnuPG 1.2.5.
I write e.g. personal-cipher-preferences s7 in the config-file,
but it doesn't prevent WinPT from using CAST-5.
If I use:
gpg --symmetric file
it works alright. Is this an issue with GPG-ME or with WinPT?
BTW force-mdc works OK with WinPT.
Per Tunedal
At 09:54 2004-10-22, Kai Raven wrote:
>
>Hi Per,
>
>On Fri, 22 Oct 2004 08:43:01 +0200 you wrote:
>
>> Are there any drawbacks if I specify "force-mdc" in my
>> gpg.conf-file?
>
>compatibility problems with PGP versions < 8? Because pgp2, pgp6 and
>pgp7 disable mdc.
>
>> Is it possible to change the default cipher for symmetric
>> encryption?
>
>personal-cipher-preferences name1
>the first named cipher will be used for symmetric encryption too
>and/or
>s2k-cipher-algo name
>Use name as the cipher algorithm used to protect secret keys. The
>default cipher is CAST5. This cipher is also used for conventional
>encryption if --personal-cipher-preferences and --cipher-algo is not
>given.
>
>--
>Ciao
>Kai
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBeQ1qaDDfzFT+2PIRAk6IAJ0VLfhaec5Ru56N4UYKVE3ueJK+ZACfYz5Y
YnqLDsHu10lBdsm7dW1+yuM=
=wGqw
-----END PGP SIGNATURE-----
From kairaven at arcor.de Fri Oct 22 16:26:16 2004
From: kairaven at arcor.de (Kai Raven)
Date: Fri Oct 22 16:27:50 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <6.1.2.0.2.20041022150701.03825008@localhost>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
Message-ID: <20041022162616.52037077@matrix.localdomain.intern>
Hi Per,
On Fri, 22 Oct 2004 15:09:17 +0200 you wrote:
> personal-cipher-preferences doesn't work with WinPT, only if I use GPG
> directly, if I put it in my gpg.conf-file. I am using GnuPG 1.2.5.
Yes you are right :(
I have teated it with my Windows vmware installation.
I have in my WinPT GnuPG preferences for the config file path
c:\gnupg\gpg.conf
If i change the option
personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3
to
personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10
and have s2k-cipher-algo AES256
WinPT still uses CAST5
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
From lists at kcoates.com Fri Oct 22 16:30:41 2004
From: lists at kcoates.com (Kevin Coates)
Date: Fri Oct 22 16:28:15 2004
Subject: GPGrelay 0.955 released
Message-ID: <6810412.20041022103041@nospam.kcoates.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello GnuPG-Users,
It looks like Andreas has been busy.
http://sourceforge.net/project/showfiles.php?group_id=33185
The change log below:
Version 0.955 ; release-date: 2004-Oct-22
* GPGrelay:
o More Dialogs have now proper Parent/Child-Hierarchy to disable some
unwanted Non- Modality (and proper positioning)
o GPGrelay now always tries to keep selections in lists/trees when
reloading keys
o Revoked/Expired/Disabled Subkeys are now also shown in keyviews
(still missing similar feature for primary keys)
o Revoke UserID is now also available through GPGrelay-GUI
o Untrusted UserIDs are now also grayed out in the Key-Displays
o Advanced debug-compiler-define for deadlock-checking (very
experimental, might not working as intended, have to find out :)) At
least it helped to catch one deadlock-situation with
GPGrelay-shutdown while being asked for a passphrase so it wasn't
worthless effort... (Not active in Release-Builds! In case you suffer
from GPGrelay hanging, you might want to give the debug-build a try!)
o STARTTLS/STLS is now always defaulting to TLS-Connection as some
servers abort connection with an SSL2-Hello and don't negotiate TLS
(or did I simply miss something in the OpenSSL-Doc?)
o Log Full Protocol does now also show the StartTLS-Chitchat.
o Some small improvements with Logging (still quite slow for large
mails when log full bodies is turned on)
o GPGrelay isn't that picky about email-addresses anymore, so it will
work with internal email-addresses like "user@domain" or simply
"user". Nevertheless GPGrelay is matching full strings, so
"user@domain" doesn't match with a fully given "user@domain.com", so
basically this one is only useful for giving aliases to GPGrelay
(doubt it's useful to have abbreviated emails inside userids).
o The PhotoID-Display can now be resized
o Changed some dialog-texts to have Mnemonics (underlined chars) now,
so you can navigate a bit more easily with the keyboards by pressing
"Alt+Mnemonic" (don't hesitate to tell me missing/duplicate ones;
this came late and is a boring issue, so I guess I haven't checked
all dialogs properly... Suggested to be incorporated in current and
future translations too.)
o --autoexportsettings is now also working when shutting down win2k
(GPGrelay is now creating the .reg-file by itself instead of
executing regedit.exe to export the entries)
o Simple Password-Spy-Detection should alarm you when someone
unauthorized (eg. Spyware or Backdoor) is trying to read a passphrase
from a GPGrelay-Dialog
o Better support of crippled keys: VerifyPassphrase doesn't only rely
on a signing-(sub)key anymore.
o Better handling of non-canonical lineendings from broken servers
o Little GUI-Fix: Relay-Dialog with IMAP and SSL is now properly
changing the default-ports.
o Changed a few lines of code so GPGrelay will now compile directly
with VC.NET 2003 -- to my surprise the run through VC.NET also
revealed embarrassing misuse of some MFC-Macros, so this experiment
was more than worthwhile!
* SMTP:
o Hide BCC-Recipient introduced blank additional line
o Some more troubles with "No secret primary Key" solved (should now
work as intended) basically due to the fact that there is a way to
fetch Usage-Flags for secret keys from GPG.
* POP3:
o Disabled Nagle-Algorithm (send coalescing) for local->remote-relay.
o Some more Line-Ending-Issues solved (fewer lines added/removed)
* IMAP:
o There is nothing I'll do here ... who is willing to care for IMAP-code?
- --
Kevin Coates
Dewitt, NY USA
________________________________________________________________
(see kludges for my pgp key)
-----BEGIN PGP SIGNATURE-----
iD8DBQFBeRmRvZSrVDqOXK0RAkDuAJ0Tc8Z19dbSoFEikns/MatVel1WrgCeJbDx
eelgy1cO5n2QXsPTp6z9FjI=
=ZD5T
-----END PGP SIGNATURE-----
From servie_tech at yahoo.com Fri Oct 22 19:09:20 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Fri Oct 22 19:06:33 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
Message-ID: <20041022170920.75005.qmail@web52501.mail.yahoo.com>
Hi folks,
I have a small home network comprising of mixed
desktop and laptop machines running Windows XP and
FC2.
I already have a working gnupg version 1.2.6 which I
downloaded from gnupg site and have compiled myself
without a problem.
Now, Mr. Kai Raven mentioned and encourages to try out
the development release, see below:
> We strongly encourage people to try this development
release and
> report any feedback or problems to
gnupg-devel@gnupg.org.
Compiles and runs without problems under Fedora Core 2
--
Ciao
Kai
My questions are these:
1. I would like to try out the development version and
compile from source. Since, I have already a working
copy and have compiled myself, how do I upgrade from
version 1.2.6 to 1.3.91 so that I could try out the
development stage?
I have printed the GNU Privacy Handbook and I don't
seem to find any info on how to make an upgrade.
Should I just make another compile from source? Any
suggestions or URL would be appreciated.
2. Is this development branch stable already?
3. And finally, for my windows desktops, I have found
some info here:
http://enigmail.mozdev.org/gpgconf.html
wherein, I have downloaded GnuPG 1.2.5 compiled for
Microsoft Windows and just followed the instructions
and voila.
Now, likewise for my windows client desktops, I would
like to try out the development version of gnupg for
windows. Is there a working binary for this particular
development version at the gnupg site?
Any suggestions would be highly appreciated.
Thanks in advance.
Sincerely,
Servie
__________________________________
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
From zuxy.meng at gmail.com Fri Oct 22 19:30:25 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Fri Oct 22 19:27:01 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041022170920.75005.qmail@web52501.mail.yahoo.com>
References: <20041022170920.75005.qmail@web52501.mail.yahoo.com>
Message-ID:
On Fri, 22 Oct 2004 10:09:20 -0700 (PDT), Servie Platon
wrote:
> Hi folks,
>
> My questions are these:
>
> 1. I would like to try out the development version and
> compile from source. Since, I have already a working
> copy and have compiled myself, how do I upgrade from
> version 1.2.6 to 1.3.91 so that I could try out the
> development stage?
Since you built 1.2.6 from source instead of installing an rpm
package, you can safely download the 1.3.91 source and build it as you
did for 1.2.6, I suppose it'll overwrite the old binaries but conserve
other settings (e.g. locations of gpg.conf and keyrings).
> 3. And finally, for my windows desktops, I have found
> some info here:
>
> Now, likewise for my windows client desktops, I would
> like to try out the development version of gnupg for
> windows. Is there a working binary for this particular
> development version at the gnupg site?
Do a search of this list. I posted just a few days ago.
>
> Sincerely,
> Servie
>
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From hmujtaba at forumsys.com Fri Oct 22 19:59:49 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Oct 22 19:56:57 2004
Subject: force-v3-sigs not necessary any longer?
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3B4@bstn-exch1.forumsys.com>
I did some testing and learned that PGP8.x generates v3 signatures, but it can verify v4 signatures. This is probably for interoperabilty with PGP6.5.8, which cannot verify v4 sigs.
RFC 2440 describes the difference between v3 and v4 signatures as follows:
Two versions of signature packets are defined. Version 3 provides
basic signature information, while version 4 provides an expandable
format with subpackets that can specify more information about the
signature. PGP 2.6.x only accepts version 3 signatures.
Hasnain.
-----Original Message-----
From: gnupg-users-bounces@gnupg.org [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Per Tunedal Casual
Sent: Thursday, October 21, 2004 4:15 PM
To: gnupg-users@gnupg.org
Subject: force-v3-sigs not necessary any longer?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have used --force-v3-sigs in my preferences for a long time. Is this not
necessary any longer? What PGP versions can handle V4 signatures?
Besides what is the difference between V3 and V4 signatures? Are V4
signatures safer? How?
V?nligen
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 H?gersten
Telefon: 08-646 34 83
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.950
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBeBjnaDDfzFT+2PIRAhvkAJ9kicjC0XzlbHDZ4ZvrRht3r/sakACfbB1l
9bXp/6lPBoC0G6ef7sdalvw=
=TaVi
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From kairaven at arcor.de Fri Oct 22 21:31:14 2004
From: kairaven at arcor.de (Kai Raven)
Date: Fri Oct 22 21:31:33 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041022170920.75005.qmail@web52501.mail.yahoo.com>
References: <20041022170920.75005.qmail@web52501.mail.yahoo.com>
Message-ID: <20041022213114.6d8d4831@matrix.localdomain.intern>
Hi Servie,
On Fri, 22 Oct 2004 10:09:20 -0700 (PDT) you wrote:
> Now, Mr. Kai Raven mentioned and encourages to try out
> the development release, see below:
No, David Shaw or Werner Koch from the GnuPG Team made the announcments
:o)
> 1. I would like to try out the development version and
> compile from source. Since, I have already a working
> copy and have compiled myself, how do I upgrade from
> version 1.2.6 to 1.3.91 so that I could try out the
> development stage?
> I have printed the GNU Privacy Handbook and I don't
> seem to find any info on how to make an upgrade.
> Should I just make another compile from source? Any
> suggestions or URL would be appreciated.
You can compile and install as with version 1.2.6, the new install
overwrites all binary files and man pages from 1.2.6.
If you prefer RPMs, you can try a rpmbuild -tb gnupg-1.3.91.tar.bz2,
because a spec file is included.
> 2. Is this development branch stable already?
It is a "developer" version but imo stable to use it with FC2 :)
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
From marcus.brinkmann at ruhr-uni-bochum.de Fri Oct 22 21:17:47 2004
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Fri Oct 22 21:43:21 2004
Subject: [Announce] GPGME 1.0.1 released
References: <87d603agf9.wl@ulysses.g10code.de>
Message-ID: <87pt3a4l5w.wl@ulysses.g10code.de>
We are pleased to announce version 1.0.1 of GnuPG Made Easy,
a library designed to make access to GnuPG easier for applications.
It may be found in the file (about 795 KB compressed)
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz
The following files are also available:
ftp://ftp.gnupg.org/gcrypt/gpgme/gpgme-1.0.1.tar.gz.sig
ftp://ftp.gnupg.org/gcrypt/alpha/gpgme/gpgme-1.0.0-1.0.1.diff.gz
It should soon appear on the mirrors listed at:
http://www.gnupg.org/mirrors.html
Bug reports and requests for assistance should be sent to:
gnupg-devel@gnupg.org
The md5sum checksums for this distibution are
f9acf829e1d2821e62da8832e0bebf44 gpgme-1.0.0-1.0.1.diff.gz
915045809b729998e4b7cb58856550a4 gpgme-1.0.1.tar.gz
f5d4961abc805d8f393893d86482b576 gpgme-1.0.1.tar.gz.sig
Noteworthy changes in version 1.0.1 (2004-10-22)
------------------------------------------------
* Only bug fixes.
Marcus Brinkmann
mb@g10code.de
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From servie_tech at yahoo.com Fri Oct 22 23:50:32 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Fri Oct 22 23:47:34 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041022213114.6d8d4831@matrix.localdomain.intern>
Message-ID: <20041022215032.46616.qmail@web52502.mail.yahoo.com>
Hi Mr. Raven,
Thank you very much on your reply. Appreciate your
kind help.
Actually, I am a little bit worried on my win32
installation. As per previous post of Mr.Zuki Meng, I
was told to look for the answers to this post on the
list which I did. Now, I have downloaded,
gnupg-1.3.91w32.tar.bz2 to my windows machine and was
able to extract the files.
http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023499.html
Since, this is a bz2 file and not a zip file. How do I
make upgrade to 1.3.91? With this,
gnupg-w32cli-1.2.5.zip which I got from gnupg.org I
was able to enable it by following the instructions on
mozilla howto on gpg.conf which works fine.
I just don't know where to go from here??? Would you
think it would be a good idea for me to follow the
instructions on
http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html
(Building GnuPG for Win32 using MinGW? I could do this
procedure and I don't mind going through the process
further. My only hesitation, is it might conflict my
previous installation, 1.2.5. Any thoughts on this?
Thanks again and hope to hear from you soon.
Sincerely,
Servie
--- Kai Raven wrote:
>
> Hi Servie,
>
> On Fri, 22 Oct 2004 10:09:20 -0700 (PDT) you wrote:
>
> > Now, Mr. Kai Raven mentioned and encourages to try
> out
> > the development release, see below:
>
> No, David Shaw or Werner Koch from the GnuPG Team
> made the announcments
> :o)
>
> > 1. I would like to try out the development version
> and
> > compile from source. Since, I have already a
> working
> > copy and have compiled myself, how do I upgrade
> from
> > version 1.2.6 to 1.3.91 so that I could try out
> the
> > development stage?
>
> > I have printed the GNU Privacy Handbook and I
> don't
> > seem to find any info on how to make an upgrade.
> > Should I just make another compile from source?
> Any
> > suggestions or URL would be appreciated.
>
> You can compile and install as with version 1.2.6,
> the new install
> overwrites all binary files and man pages from
> 1.2.6.
> If you prefer RPMs, you can try a rpmbuild -tb
> gnupg-1.3.91.tar.bz2,
> because a spec file is included.
>
> > 2. Is this development branch stable already?
>
> It is a "developer" version but imo stable to use it
> with FC2 :)
>
> --
> Ciao
> Kai
>
> WWW: http://kai.iks-jena.de/
> Blog: http://rabenhorst.blogg.de/
> GnuPG-Key: 0xD6E995A0
> Jabber: kraven@jabber.ccc.de
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
From zuxy.meng at gmail.com Sat Oct 23 06:58:41 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sat Oct 23 06:55:22 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041022215032.46616.qmail@web52502.mail.yahoo.com>
References: <20041022213114.6d8d4831@matrix.localdomain.intern>
<20041022215032.46616.qmail@web52502.mail.yahoo.com>
Message-ID:
On Fri, 22 Oct 2004 14:50:32 -0700 (PDT), Servie Platon
wrote:
>
> Since, this is a bz2 file and not a zip file. How do I
> make upgrade to 1.3.91? With this,
> gnupg-w32cli-1.2.5.zip which I got from gnupg.org I
> was able to enable it by following the instructions on
> mozilla howto on gpg.conf which works fine.
Well, a .tar.bz2 is just like a .zip. Extract all the files to the
directory where you've installed 1.2.5 (you may backup the old files
in advance), replace the old binaries and it'll run just fine because
a working environment for 1.2.5 is still working for 1.3.91.
> I just don't know where to go from here??? Would you
> think it would be a good idea for me to follow the
> instructions on
> http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html
> (Building GnuPG for Win32 using MinGW? I could do this
> procedure and I don't mind going through the process
> further. My only hesitation, is it might conflict my
> previous installation, 1.2.5. Any thoughts on this?
That instruction is good but a little outdated and I've written
something complementary -- "Building GnuPG 1.3.x for Win32 using
MinGW" at http://www.smth.org/pc/pccon.php?id=3683&nid=85555. If you
have problems following instructions in these two articles, feel free
to contact me through emails.
And there's a third way, since you have a working FC2 -- you can
cross-build it under the CPD version of MinGW which is available at
ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.1.tar.gz. I
reckon there are few problems because this way is official :-)But I'm
too lazy to try it out.
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From abjork at online.no Sat Oct 23 09:55:46 2004
From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=)
Date: Sat Oct 23 09:52:17 2004
Subject: Reload keys
Message-ID: <000e01c4b8d5$b4905840$6600a8c0@CEL2000>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell. Both programs have 414 keys. What I've noticed is that GnuPG is slow reloading the keys to GPGshell. It takes 8-9 seconds. With PGP the (re)loading of keys is done in a couple of seconds.
Is it possible to make GnuPG reload keys much faster?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
iD8DBQFBeg6Cn1hjZcCMxG0RAomfAJ9eIolv4Y+pzKsz7PaqELLMNvT+zwCfZZMa
QkMXb7XBPViqPFXiOVIxcuk=
=fczS
-----END PGP SIGNATURE-----
From pragai at rubin.hu Sat Oct 23 10:58:00 2004
From: pragai at rubin.hu (=?ISO-8859-2?Q?=22Pr=E1gai=2C_R=F3bert=22?=)
Date: Sat Oct 23 10:55:01 2004
Subject: scdaemon with cryptoflex
Message-ID: <417A1D18.5060807@rubin.hu>
Hi,
is it possible to use scdaemon with a Schlumberger Cryptoflex card
using it's pkcs15 structure created by opensc? I tried but gpg2 --card
-status failed with various errors.
So, I have a working card, with a pkcs15 structure. I have successfully
start the scdaemon, but it reports: can't lock card in reader 0: Generic
reader error. When I restart openct, anther error appears as well: no
supported card application found: Card error
What can be the reason of this? Any suggestions?
zyx:/home/pragai/gpg/src/gnupg-1.9.11# opensc-tool -a
3B 95 18 40 FF 62 01 02 01 04 ;..@.b....
zyx:/home/pragai/gpg/src/gnupg-1.9.11# pkcs15-tool -k
Private RSA Key [Private Key]
Com. Flags : 3
Usage : [0x22E], decrypt, sign, signRecover, unwrap,
nonRepudiation
Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract,
local
ModLength : 1024
Key ref : 0
Native : yes
Path : 3F0050154B0130450012
Auth ID : 01
ID : 45
zyx:/home/pragai/gpg/src/gnupg-1.9.11# eval `scdaemon --daemon`
scdaemon[9367]: NOTE: this is a development version!
zyx:/home/pragai/gpg/src/gnupg-1.9.11# gpg2 --card-status
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: DBG: connection to agent established
scdaemon[9371]: NOTE: this is a development version!
scdaemon[9371]: can't lock card in reader 0: Generic reader error
scdaemon[9371]: can't lock card in reader 0: Generic reader error
scdaemon[9371]: can't lock card in reader 0: Generic reader error
scdaemon: card.c:486: sc_unlock: El?felt?telez?s `card->lock_count >= 1'
sikertelen.
gpg-agent[9370]: command learn failed: Unknown system error
gpg: OpenPGP card not available: Assuan server fault
zyx:/home/pragai/gpg/src/gnupg-1.9.11# /etc/init.d/openct restart
Restarting smart card terminal framework: OpenCT1 process killed.
.
zyx:/home/pragai/gpg/src/gnupg-1.9.11# gpg2 --card-status
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: DBG: connection to agent established
scdaemon[9380]: NOTE: this is a development version!
scdaemon[9380]: no supported card application found: Card error
scdaemon[9380]: can't lock card in reader 0: Generic reader error
scdaemon: card.c:486: sc_unlock: El?felt?telez?s `card->lock_count >= 1'
sikertelen.
gpg-agent[9379]: command learn failed: Unknown system error
gpg: OpenPGP card not available: Assuan server fault
thanks,
Robert
From linux at codehelp.co.uk Sat Oct 23 20:28:57 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Sat Oct 23 20:25:31 2004
Subject: Reload keys
In-Reply-To: <000e01c4b8d5$b4905840$6600a8c0@CEL2000>
References: <000e01c4b8d5$b4905840$6600a8c0@CEL2000>
Message-ID: <200410231928.57888.linux@codehelp.co.uk>
On Saturday 23 October 2004 8:55 am, Arild Bj?rk wrote:
> I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell. Both programs
> have 414 keys. What I've noticed is that GnuPG is slow reloading the keys
> to GPGshell. It takes 8-9 seconds. With PGP the (re)loading of keys is done
> in a couple of seconds.
>
> Is it possible to make GnuPG reload keys much faster?
PGP might be skipping the trust database check. You can do the same but GnuPG
will prompt you to run --check-trustdb from time to time (like when new keys
are imported or existing ones refreshed) so that might be something to do via
cron or Task Scheduler (if that still exists on Windows).
I use no-auto-check-trustdb in gpg.conf and
gpg --check-trustdb
in cron, at least once a week, plus manual --update-trustdb to catch up with
new keys with no user trust level (which check- won't do).
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041023/90827fee/attachment-0001.bin
From servie_tech at yahoo.com Sun Oct 24 02:59:49 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Sun Oct 24 02:56:52 2004
Subject: Adding a Comment
Message-ID: <20041024005949.67343.qmail@web52505.mail.yahoo.com>
Hi folks,
I am sorry if this may have been asked before.
Is there a way to add a comment, after one has
generated a key? I know, this is not as important but
I am just curious if it is possible after you have
saved your keys?
Thanks.
Sincerely,
Servie
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
From servie_tech at yahoo.com Sun Oct 24 03:08:44 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Sun Oct 24 03:05:47 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To:
Message-ID: <20041024010844.81863.qmail@web52509.mail.yahoo.com>
Hi Zuky,
Thank you for the suggestion earlier.
I have extracted the the gnupg binaries into the
folder and it worked! This means I don't have to go
through the second option in the first place. Thanks a
lot!
However, I still have another problem. Is there a way
to automatically sign all outgoing email messages with
my public keys using mozilla thunderbird for my work
email: servie@admar-group.com and personal email:
servie_tech@yahoo.com?
I have read and searched in google that to do this, we
need to make a signature file and configure
thunderbird or yahoo to open that file whenever you
make new mail messages, we get a signed email?
Is this the only way to do this? Any thoughts on this
from you or from anyone else in this group would
definitely be appreciated.
Thank you very much.
Sincerely,
Servie
--- Zuxy wrote:
> On Fri, 22 Oct 2004 14:50:32 -0700 (PDT), Servie
> Platon
> wrote:
> >
> > Since, this is a bz2 file and not a zip file. How
> do I
> > make upgrade to 1.3.91? With this,
> > gnupg-w32cli-1.2.5.zip which I got from gnupg.org
> I
> > was able to enable it by following the
> instructions on
> > mozilla howto on gpg.conf which works fine.
>
> Well, a .tar.bz2 is just like a .zip. Extract all
> the files to the
> directory where you've installed 1.2.5 (you may
> backup the old files
> in advance), replace the old binaries and it'll run
> just fine because
> a working environment for 1.2.5 is still working for
> 1.3.91.
>
> > I just don't know where to go from here??? Would
> you
> > think it would be a good idea for me to follow the
> > instructions on
> >
> http://web.tiscali.it/clbianco/gnupg/eng/gnupg.html
> > (Building GnuPG for Win32 using MinGW? I could do
> this
> > procedure and I don't mind going through the
> process
> > further. My only hesitation, is it might conflict
> my
> > previous installation, 1.2.5. Any thoughts on
> this?
>
> That instruction is good but a little outdated and
> I've written
> something complementary -- "Building GnuPG 1.3.x for
> Win32 using
> MinGW" at
> http://www.smth.org/pc/pccon.php?id=3683&nid=85555.
> If you
> have problems following instructions in these two
> articles, feel free
> to contact me through emails.
>
> And there's a third way, since you have a working
> FC2 -- you can
> cross-build it under the CPD version of MinGW which
> is available at
>
ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.1.tar.gz.
> I
> reckon there are few problems because this way is
> official :-)But I'm
> too lazy to try it out.
>
> --
> Zuxy
> Beauty is truth,
> While truth is beauty.
> PGP KeyID: E8555ED6
>
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
From abjork at online.no Sun Oct 24 10:12:37 2004
From: abjork at online.no (=?iso-8859-1?Q?Arild_Bj=F8rk?=)
Date: Sun Oct 24 10:09:11 2004
Subject: Reload keys
In-Reply-To: <000e01c4b8d5$b4905840$6600a8c0@CEL2000>
Message-ID: <000301c4b9a1$39b6efe0$6600a8c0@CEL2000>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: gnupg-users-bounces@gnupg.org
> [mailto:gnupg-users-bounces@gnupg.org] On Behalf Of Arild Bj?rk
> Sent: Saturday, October 23, 2004 9:56 AM
> To: Gnupg-Users
> Subject: Reload keys
>
> I use both PGP 8.1 and GnuPG 1.2.5 for Windows with GPGshell.
> Both programs have 414 keys. What I've noticed is that GnuPG
> is slow reloading the keys to GPGshell. It takes 8-9 seconds.
> With PGP the (re)loading of keys is done in a couple of seconds.
>
> Is it possible to make GnuPG reload keys much faster?
Solved the problem by using:
gpg -rebuild-keydb-cache from GPGShell
GnuPGs reloading of keys seems now a tad quicker than PGP.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQXtj9Z9YY2XAjMRtEQK8iACfQm8RpB8QAgPfpl+MxhmiU2QGs6QAn1GB
Ig/XI7INKJjb//aXUdTl2JrQ
=PRwC
-----END PGP SIGNATURE-----
From wk at gnupg.org Sun Oct 24 14:41:50 2004
From: wk at gnupg.org (Werner Koch)
Date: Sun Oct 24 14:44:25 2004
Subject: When to lock page under WinNT?
In-Reply-To: (zuxy.meng@gmail.com's
message of "Fri, 22 Oct 2004 12:35:22 +0800")
References:
<87vfd4dmfk.fsf@wheatstone.g10code.de>
Message-ID: <87fz44wanl.fsf@wheatstone.g10code.de>
On Fri, 22 Oct 2004 12:35:22 +0800, Zuxy said:
> I remember Peter said something positive about VirtualLock in the
> gnupg-devel list, early this year?
IIRC, he was not yet sure about it.
Werner
From shavital at mac.com Sun Oct 24 18:47:17 2004
From: shavital at mac.com (Charly Avital)
Date: Sun Oct 24 18:44:03 2004
Subject: Adding a Comment
In-Reply-To: <20041024005949.67343.qmail@web52505.mail.yahoo.com>
References: <20041024005949.67343.qmail@web52505.mail.yahoo.com>
Message-ID:
I reckon that the comment is part of your gpg.conf file, therefore it will
be applied to all your keys.
It would go this way:
$ gpg --comment [text of the comment]
But there might be another way, and I hope other list members will help.
Charly
At 5:59 PM -0700 10/23/04, Servie Platon wrote:
>Hi folks,
>
>I am sorry if this may have been asked before.
>
>Is there a way to add a comment, after one has
>generated a key? I know, this is not as important but
>I am just curious if it is possible after you have
>saved your keys?
>
>Thanks.
>
>Sincerely,
>Servie
From twoaday at freakmail.de Sun Oct 24 19:22:44 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Sun Oct 24 19:33:18 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041022162616.52037077@matrix.localdomain.intern>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
<20041022162616.52037077@matrix.localdomain.intern>
Message-ID: <20041024172244.GA1188@daredevil.joesixpack.net>
On Fri Oct 22 2004; 16:26, Kai Raven wrote:
> I have in my WinPT GnuPG preferences for the config file path
It would be useful to know what WinPT version you used.
> c:\gnupg\gpg.conf
> If i change the option
> personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3
> to
> personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10
> and have s2k-cipher-algo AES256
> WinPT still uses CAST5
Indeed I use a default for symmetric encryption A long time ago I
did it to fix some GPG -> PGP6 problems. I will change it so it
honors the option if it is available (or "cipher-algo").
Thanks,
Timo
From kairaven at arcor.de Sun Oct 24 21:41:42 2004
From: kairaven at arcor.de (Kai Raven)
Date: Sun Oct 24 21:39:21 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041024172244.GA1188@daredevil.joesixpack.net>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
<20041022162616.52037077@matrix.localdomain.intern>
<20041024172244.GA1188@daredevil.joesixpack.net>
Message-ID: <20041024214142.261407e5@matrix.localdomain.intern>
Hi Timo,
On Sun, 24 Oct 2004 19:22:44 +0200 you wrote:
> It would be useful to know what WinPT version you used.
1.0rc2 with WinPT Tray 0.9.12 from
http://sourceforge.net/projects/winpt/
>
> > c:\gnupg\gpg.conf
> > If i change the option
> > personal-cipher-preferences S10 S9 S8 S7 S2 S4 S3
> > to
> > personal-cipher-preferences S9 S8 S7 S2 S4 S3 S10
> > and have s2k-cipher-algo AES256
> > WinPT still uses CAST5
>
> Indeed I use a default for symmetric encryption A long time ago I
> did it to fix some GPG -> PGP6 problems.
I see & understandable :)
> I will change it so it
> honors the option if it is available (or "cipher-algo").
Mmh, i think cipher-ago is not a good idea, because it is not so
flexible as the first mentioned ID in personal-cipher-preferences or
secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG
for public key crypto without WinPT...
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 853 bytes
Desc: not available
Url : /pipermail/attachments/20041024/92666c5a/attachment.bin
From pt at radvis.nu Sun Oct 24 22:31:43 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Sun Oct 24 22:30:41 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041024172244.GA1188@daredevil.joesixpack.net>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
<20041022162616.52037077@matrix.localdomain.intern>
<20041024172244.GA1188@daredevil.joesixpack.net>
Message-ID: <6.1.2.0.2.20041024223101.02d16ad8@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 19:22 2004-10-24, Timo Schulz wrote:
>On Fri Oct 22 2004; 16:26, Kai Raven wrote:
>
>> I have in my WinPT GnuPG preferences for the config file path
>
>It would be useful to know what WinPT version you used.
>
I tested with WinPT v. 0.7.96
>
- --- snipped ---
>
>Thanks,
>
> Timo
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBfBI1aDDfzFT+2PIRAtAbAJ9vNSVB6CzsXSvvbBaR6ZSN8q/GHwCfV8yC
lmuJu6Vj5JoGdKgbfuO98oU=
=V6lW
-----END PGP SIGNATURE-----
From pt at radvis.nu Sun Oct 24 23:20:16 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Sun Oct 24 23:16:02 2004
Subject: Symmetric encryption
Message-ID: <6.1.2.0.2.20041024230022.02d16c40@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
how is symmetric encryption performed in GnuPG? When encrypting the secret
key and when encrypting a file?
I suppose a session key is created with the chosen length (depending on the
chosen cipher). And the session key is encrypted with the passphrase.
How is the passphrase used? Is it hashed with e.g. SHA-1 to derive a key?
Or is the passphrase used directly?
What are the security implications? It cannot be meaningful to choose a
cipher that produces a longer key than the password can generate. If SHA-1
is the limit, then you've got 160 bits. Thus a cipher with 256 bits would
be overkill. If the password is used directly the calculation must be based
on the strength of the password used by the individual, I suppose.
V?nligen
Per Tunedal
Civ. ing. Civ. ek.
S:t Mickelsgatan 148
129 44 H?gersten
Telefon: 08-646 34 83
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBfBzVaDDfzFT+2PIRArjaAJ9IJEhqN6eNrAlwqNlaO9XiVFJAYACeMfj+
0LdeahFU0nTZFxpQdtGc6Fg=
=qNzk
-----END PGP SIGNATURE-----
From JPClizbe at comcast.net Mon Oct 25 01:25:11 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Mon Oct 25 01:22:20 2004
Subject: Adding a Comment
In-Reply-To: <20041024005949.67343.qmail@web52505.mail.yahoo.com>
References: <20041024005949.67343.qmail@web52505.mail.yahoo.com>
Message-ID: <417C39D7.5080708@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Servie Platon wrote:
>
> Hi folks,
>
> I am sorry if this may have been asked before.
>
> Is there a way to add a comment, after one has
> generated a key? I know, this is not as important but
> I am just curious if it is possible after you have
> saved your keys?
It's not possible to edit the comment field of an UID after it has been
made part of the key. You may, however, add a new UID (same name, same
email, add the comment) and delete the old UID without the comment.
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92-cvs (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBfDnWHQSsSmCNKhARArybAKC+jLJN5o2NkDATrUI1SwK+r7YtQACfRPaI
mFsfyM1IjkeX1tdehr17ktw=
=Fyc1
-----END PGP SIGNATURE-----
From servie_tech at yahoo.com Mon Oct 25 05:14:15 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Mon Oct 25 05:11:19 2004
Subject: Adding a Comment
In-Reply-To: <417C39D7.5080708@comcast.net>
Message-ID: <20041025031415.32150.qmail@web52508.mail.yahoo.com>
Thank you very much John and Charly for the reply on
my query.
Sincerely,
Servie
--- John Clizbe wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Servie Platon wrote:
> >
> > Hi folks,
> >
> > I am sorry if this may have been asked before.
> >
> > Is there a way to add a comment, after one has
> > generated a key? I know, this is not as important
> but
> > I am just curious if it is possible after you have
> > saved your keys?
>
> It's not possible to edit the comment field of an
> UID after it has been
> made part of the key. You may, however, add a new
> UID (same name, same
> email, add the comment) and delete the old UID
> without the comment.
>
>
>
> - --
> John P. Clizbe Inet:
> JPClizbe(a)comcast DOT nyet
> Golden Bear Networks PGP/GPG KeyID:
> 0x608D2A10
> "Our enemies are innovative and resourceful, and
> so are we. They
> never stop thinking about new ways to harm our
> country and our people,
> and neither do we." - Dumbya explaining his
> administration 5-Aug-2004
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.3.92-cvs (Windows 2000 SP4)
> Comment: When cryptography is outlawed,
> b25seSBvdXRsYXdzIHdpbGwgdXNlIG
> Comment: Annoy John Asscraft -- Use Strong
> Encryption.
> Comment: It's YOUR right - for the time being.
> Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
>
>
iD8DBQFBfDnWHQSsSmCNKhARArybAKC+jLJN5o2NkDATrUI1SwK+r7YtQACfRPaI
> mFsfyM1IjkeX1tdehr17ktw=
> =Fyc1
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
=====
Sincerely,
Servie Platon
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
From twoaday at freakmail.de Mon Oct 25 08:06:43 2004
From: twoaday at freakmail.de (Timo Schulz)
Date: Mon Oct 25 18:25:42 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041024214142.261407e5@matrix.localdomain.intern>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
<20041022162616.52037077@matrix.localdomain.intern>
<20041024172244.GA1188@daredevil.joesixpack.net>
<20041024214142.261407e5@matrix.localdomain.intern>
Message-ID: <20041025060643.GA808@daredevil.joesixpack.net>
On Sun Oct 24 2004; 21:41, Kai Raven wrote:
> Mmh, i think cipher-ago is not a good idea, because it is not so
> flexible as the first mentioned ID in personal-cipher-preferences or
> secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG
> for public key crypto without WinPT...
What I wanted to say is, that I will disable the CAST5 cipher force
if I found an option in the gpg.conf which would override it.
And for WinPT this is only a problem when you use symmetric encryption.
I guess most of the time, people use public-key encryption.
Timo
--
Colt at WinPT.org keyid BF3DF9B4 (http://www.winpt.org)
WinPT (http://www.stud.uni-hannover.de/~twoaday/winpt.html)
Installer (http://www.equipmente.de/viewtopic.php?t=433#1080)
From wk at gnupg.org Mon Oct 25 20:08:40 2004
From: wk at gnupg.org (Werner Koch)
Date: Mon Oct 25 20:09:27 2004
Subject: Gnupg for Windows and key generation?
In-Reply-To: <4174DB42.5090007@siba.fi> (Severi Salminen's message of "Tue,
19 Oct 2004 12:15:46 +0300")
References: <4174DB42.5090007@siba.fi>
Message-ID: <87d5z6n00n.fsf@wheatstone.g10code.de>
On Tue, 19 Oct 2004 12:15:46 +0300, Severi Salminen said:
> 6. If all the above information is available somewhere I'd appreciate a
> link.
@Book{Gut:02:CSA,
author = "Peter Gutmann",
title = "Cryptographic Security Architecture",
language = "USenglish",
publisher = pub-SV,
address = pub-SV:adr,
pages = "xviii + 320",
year = "2002",
ISBN = "0-387-95387-6",
keywords = "cryptograpy",
}
which contains an update of the original paper:
http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix98.pdf
For gpg implementation issues see doc/DETAILS
Werner
From pt at radvis.nu Mon Oct 25 20:23:46 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Mon Oct 25 20:19:11 2004
Subject: Symmetric encryption and mdc
In-Reply-To: <20041025060643.GA808@daredevil.joesixpack.net>
References: <6.1.2.0.2.20041022083318.02d167f0@localhost>
<20041022095416.599cea88@matrix.localdomain.intern>
<6.1.2.0.2.20041022150701.03825008@localhost>
<20041022162616.52037077@matrix.localdomain.intern>
<20041024172244.GA1188@daredevil.joesixpack.net>
<20041024214142.261407e5@matrix.localdomain.intern>
<20041025060643.GA808@daredevil.joesixpack.net>
Message-ID: <6.1.2.0.2.20041025202247.0381ce40@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 08:06 2004-10-25, Timo Schulz wrote:
>On Sun Oct 24 2004; 21:41, Kai Raven wrote:
>
>> Mmh, i think cipher-ago is not a good idea, because it is not so
>> flexible as the first mentioned ID in personal-cipher-preferences or
>> secondary the name with s2k-cipher-algo. I mean, if somebody uses GnuPG
>> for public key crypto without WinPT...
>
>What I wanted to say is, that I will disable the CAST5 cipher force
>if I found an option in the gpg.conf which would override it.
>
>And for WinPT this is only a problem when you use symmetric encryption.
>I guess most of the time, people use public-key encryption.
>
>
> Timo
>
That will be fine. Thank you, Timo!
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBfUTlaDDfzFT+2PIRAo0DAJ9Ws5ib/CC97HWEk6iE00FC1bTwdQCdEBbv
MGvpdbYtMs0sc4w7faUsT1o=
=WOP6
-----END PGP SIGNATURE-----
From pt at radvis.nu Mon Oct 25 20:44:41 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Mon Oct 25 21:20:06 2004
Subject: Symmetric encryption
In-Reply-To: <6.1.2.0.2.20041024230022.02d16c40@localhost>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
Message-ID: <6.1.2.0.2.20041025203923.02d16f38@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 23:20 2004-10-24, Per Tunedal Casual wrote:
>
>What are the security implications? It cannot be meaningful to choose a
>cipher that produces a longer key than the password can generate. If SHA-1
>is the limit, then you've got 160 bits. Thus a cipher with 256 bits would
>be overkill. If the password is used directly the calculation must be based
>on the strength of the password used by the individual, I suppose.
>
>V?nligen
>Per Tunedal
I thought once more about this :-)
It's hard enough to put up a passphrase that matches an 128 bit-key. The
hash, if any, doesn't matter, because it can hardly decrease the strength
of the passphrase,.
Thus any cipher with a key longer than 128-bits is overkill when you
encrypt symmetrically. Right?
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBfUnFaDDfzFT+2PIRAh6eAJ0Ux1pUvVosKAPk2mLH6/Ia3RknAQCfTvMX
Nk9QL074m6uFiNcel720vsE=
=20a5
-----END PGP SIGNATURE-----
From servie_tech at yahoo.com Tue Oct 26 05:09:02 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Tue Oct 26 05:06:06 2004
Subject: make: *** [install-recursive] Error 1
Message-ID: <20041026030902.79948.qmail@web52501.mail.yahoo.com>
Hi folks,
I got an error message as shown above after I issued
the command make install at my home directory
As far as I can remember, Mr. Werner Koch posted a
howto on the gnupg site but could not find the URL.
Someone from this list, gave me the URL for the answer
but I must have misplaced the email. I should have
printed the document when I had the chance but I
forgot to. Sorry about this folks.
I have a running gnupg 1.2.4 on a FC2 and I would like
to test the gnupg 1.3.91 for my FC2 desktop systems.
I have already tested gnupg 1.3.91 for my other win32
boxes and thus far, it didn't give me any problems.
Any thoughts on this would be highly appreciated.
Thanks.
Sincerely,
Servie
=====
Sincerely,
Servie Platon
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
From atom at suspicious.org Tue Oct 26 07:58:48 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Tue Oct 26 07:55:52 2004
Subject: Symmetric encryption
In-Reply-To: <6.1.2.0.2.20041025203923.02d16f38@localhost>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
<6.1.2.0.2.20041025203923.02d16f38@localhost>
Message-ID: <20041026055905.88507.qmail@suspicious.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, 25 Oct 2004, Per Tunedal Casual wrote:
> I thought once more about this :-) It's hard enough to put up a
> passphrase that matches an 128 bit-key. The hash, if any, doesn't
> matter, because it can hardly decrease the strength of the passphrase,.
>
> Thus any cipher with a key longer than 128-bits is overkill when you
> encrypt symmetrically. Right?
===================
i have several passphrases that are 20+ characters. 22 characters of
uppercase, lowercase, numbers and spaces is *stronger* than 128 bit.
that's not counting the full range of characters that can be used...
assuming that 95 characters are generally suitable (read: safe) for use in
passphrases, it only takes a theoretical 19.5 characters to equal 128 bits
and 39 characters to hit 256 bits. such passphrases may not be suitable
for all applications, but they're not entirely ridiculous. IMHO it's
posible to come up with passwords that are that long, easy to remember and
strong.
AFAIK, the session key used for symmetric encryption is derived from the
user supplied passphrase, then salted and iterated (this may have changed
recently). if symmetric and asymmetric encryption is used then the session
key is derived in the usual random way.
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"I am committed to helping Ohio deliver its electoral
votes to the president [Bush] next year"
-- Walden O'Dell, CEO of Diebold
August 2003
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBfeeeAAoJEAx/d+cTpVciXBAH+gJV5OlrMU4xsj3Z9S7M2zfl
3k2VZEjleORrdj0uAvOeSItGsQG3T/kvhWCUSEpEH02QEk9zkf32JyGJ/64sjMlH
p0Xqrr4WuWiChOOS9fm4p47cywNJICYgCK9yqhMSLiByzEeJzDt5KtOlfEYaatRP
GJlfxNFKlLVEl+C9kzbTCTmgGJvpM8Hgp2ec+XuTleADjI0H4Nf5iJpvREdY8CQF
6j5ZBwHfNdK9aBjTbZKtEImrV497bcFnTVd1kvwsK1HV6hmy3O/U85MsNF4hwFVa
quC+87Sn6zyx1IRiSDot1KUfHKpLQQDU+ZmYetkj2u3kV8tOqJGdhuQKm3QzNlc=
=+knf
-----END PGP SIGNATURE-----
From mamta.mehra at us.ing.com Mon Oct 25 15:59:28 2004
From: mamta.mehra at us.ing.com (Mamta Mehra)
Date: Tue Oct 26 08:57:50 2004
Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2
Message-ID:
We are implementing GnuPGP 1.2.1 on AIX 5.2. when we try to creating the
PGP keys, we are getting following error:
gpg: fatal: can't open /dev/urandom:
Our Unix team have verified the access to /dev/urandom device from user.
Alternatively, we have also failed to create GPG keys when running as Unix
root user.
Looking forward for help.
Regards,
Mamta Mehra
ING AMERICAS - Technology Management Office
------------------------------------------------------------------------------
NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
==============================================================================
From wk at gnupg.org Tue Oct 26 11:23:14 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 26 11:35:15 2004
Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2
In-Reply-To:
(Mamta Mehra's message of "Mon, 25 Oct 2004 08:59:28 -0500")
References:
Message-ID: <87r7nlltod.fsf@wheatstone.g10code.de>
On Mon, 25 Oct 2004 08:59:28 -0500, Mamta Mehra said:
> PGP keys, we are getting following error:
> gpg: fatal: can't open /dev/urandom:
Are you sure that you did not miss the end of the line? It should
show the actual error message.
You should also update to the latest gpg version which is 1.2.6; there
are some fixes for AIX in it.
> Our Unix team have verified the access to /dev/urandom device from
> user.
Are the permissions of /dev/urandom correct?
Shalom-Salam,
Werner
From wk at gnupg.org Tue Oct 26 11:18:37 2004
From: wk at gnupg.org (Werner Koch)
Date: Tue Oct 26 11:36:01 2004
Subject: make: *** [install-recursive] Error 1
In-Reply-To: <20041026030902.79948.qmail@web52501.mail.yahoo.com> (Servie
Platon's message of "Mon, 25 Oct 2004 20:09:02 -0700 (PDT)")
References: <20041026030902.79948.qmail@web52501.mail.yahoo.com>
Message-ID: <87vfcxltw2.fsf@wheatstone.g10code.de>
On Mon, 25 Oct 2004 20:09:02 -0700 (PDT), Servie Platon said:
> I got an error message as shown above after I issued
> the command make install at my home directory
You should us tell a little bit more than just the last line of a long
bulk of output. Usually 30 from the end of the run are sufficient but
it might need more. There should be at least the real error visible
and not just the one from make. We also need to know, how you invoked
configure.
Werner
From pt at radvis.nu Tue Oct 26 13:24:26 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Tue Oct 26 13:19:20 2004
Subject: Symmetric encryption
In-Reply-To: <20041026055905.88507.qmail@suspicious.org>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
<6.1.2.0.2.20041025203923.02d16f38@localhost>
<20041026055905.88507.qmail@suspicious.org>
Message-ID: <6.1.2.0.2.20041026131522.02d17060@localhost>
At 07:58 2004-10-26, you wrote:
>On Mon, 25 Oct 2004, Per Tunedal Casual wrote:
>
>> I thought once more about this :-) It's hard enough to put up a
>> passphrase that matches an 128 bit-key. The hash, if any, doesn't
>> matter, because it can hardly decrease the strength of the passphrase,.
>>
>> Thus any cipher with a key longer than 128-bits is overkill when you
>> encrypt symmetrically. Right?
>===================
>
>i have several passphrases that are 20+ characters. 22 characters of
>uppercase, lowercase, numbers and spaces is *stronger* than 128 bit.
>
>that's not counting the full range of characters that can be used...
>assuming that 95 characters are generally suitable (read: safe) for use in
>passphrases, it only takes a theoretical 19.5 characters to equal 128 bits
>and 39 characters to hit 256 bits. such passphrases may not be suitable
>for all applications, but they're not entirely ridiculous. IMHO it's
>posible to come up with passwords that are that long, easy to remember and
>strong.
>
>AFAIK, the session key used for symmetric encryption is derived from the
>user supplied passphrase, then salted and iterated (this may have changed
>recently). if symmetric and asymmetric encryption is used then the session
>key is derived in the usual random way.
>
>
>- --
> ...atom
>
In that case it's important to know how the session key for symmetric
encryption is derived from the passphrase. If hashing with SHA-1 i used
that will set the limit to 160 bits.
In that case AES192 would be appropriate - only 32 bits wasted :-). AES256
or TWOFISH would be ridiculous, wouldn't it?
Per Tunedal
From mamta.mehra at us.ing.com Tue Oct 26 14:54:50 2004
From: mamta.mehra at us.ing.com (Mamta Mehra)
Date: Tue Oct 26 15:04:15 2004
Subject: gpg: fatal: can't open /dev/urandom on AIX 5.2
Message-ID:
Its open to world in other word yes it has the correct permission. We also
try to create the keys using root userID but still getting same error.
Thanks
Mamta Mehra
Werner Koch
To: Mamta Mehra/US/AMERICAS@AMERICAS
cc: gnupg-users@gnupg.org
10/26/2004 04:23 Subject: Re: gpg: fatal: can't open /dev/urandom on AIX 5.2
AM
On Mon, 25 Oct 2004 08:59:28 -0500, Mamta Mehra said:
> PGP keys, we are getting following error:
> gpg: fatal: can't open /dev/urandom:
Are you sure that you did not miss the end of the line? It should
show the actual error message.
You should also update to the latest gpg version which is 1.2.6; there
are some fixes for AIX in it.
> Our Unix team have verified the access to /dev/urandom device from
> user.
Are the permissions of /dev/urandom correct?
Shalom-Salam,
Werner
------------------------------------------------------------------------------
NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it.
==============================================================================
From kairaven at arcor.de Tue Oct 26 17:57:30 2004
From: kairaven at arcor.de (Kai Raven)
Date: Tue Oct 26 17:58:09 2004
Subject: No sig-notation with 1.3.91?
Message-ID: <20041026175730.43d6e586@matrix.localdomain.intern>
Hi,
i tried to test sig-notation with GnuPG 1.3.91 together with a new DSA
key and had added
sig-notation signotation@test="Signature Notation Test"
in the gpg.conf.
GnuPG complains with:
"notations cannot be inscribed on a v3 (PGP2.x-like) key"
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 853 bytes
Desc: not available
Url : /pipermail/attachments/20041026/65f1cd10/attachment.bin
From servie_tech at yahoo.com Tue Oct 26 18:46:42 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Tue Oct 26 18:45:02 2004
Subject: make: *** [install-recursive] Error 1
In-Reply-To: <87vfcxltw2.fsf@wheatstone.g10code.de>
Message-ID: <20041026164642.87836.qmail@web52504.mail.yahoo.com>
Hi Mr. Koch,
Sorry if I just replied now. Anyways, I dug a little
bit further by doing make install as root or shall I
say did a su at the console and everything turned out
fine.
For the most part, if one is logged in as ordinary
user and not root, we are almost certain that this
error would come up or unless otherwise? This could be
due to directory permissions which are in place that
simply disallows me to write on it.
Anyways, appreciate the the reply by gnupg gurus
willing to help. I now, have a running development
version 1.3.91 of gnupg.... Thanks again....
Thank you very much Sir.
Sincerely,
Servie
--- Werner Koch wrote:
> On Mon, 25 Oct 2004 20:09:02 -0700 (PDT), Servie
> Platon said:
>
> > I got an error message as shown above after I
> issued
> > the command make install at my home directory
>
> You should us tell a little bit more than just the
> last line of a long
> bulk of output. Usually 30 from the end of the run
> are sufficient but
> it might need more. There should be at least the
> real error visible
> and not just the one from make. We also need to
> know, how you invoked
> configure.
>
> Werner
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
=====
Sincerely,
Servie Platon
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
From chd at chud.net Tue Oct 26 20:36:37 2004
From: chd at chud.net (Chris De Young)
Date: Tue Oct 26 21:25:23 2004
Subject: Passphrase entropy (was Re: Symmetric encryption)
In-Reply-To: <20041026055905.88507.qmail@suspicious.org>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
<6.1.2.0.2.20041025203923.02d16f38@localhost>
<20041026055905.88507.qmail@suspicious.org>
Message-ID: <20041026183637.GC9613@dionysus.chud.net>
> i have several passphrases that are 20+ characters. 22 characters of
> uppercase, lowercase, numbers and spaces is *stronger* than 128 bit.
>
> that's not counting the full range of characters that can be used...
> assuming that 95 characters are generally suitable (read: safe) for use in
> passphrases, it only takes a theoretical 19.5 characters to equal 128 bits
> and 39 characters to hit 256 bits.
How does that work? (Ok, this is probably a dumb question, but...)
I had thought that English has only somewhere around 1.5 bits worth of
entropy per character. A passphrase certainly could have more than
that because it's not necessarily real English, uses a wider character
set, and so on... is that difference really enough? 19.5 8-bit
characters is 156 bits; that seems (intuitively, which granted can be
misleading) to be getting closer to real randomness than a passphrase
would allow. At least, any passphrase that someone could
remember. :-) It's only 3.5 characters longer than 128 bits, after
all.
Cheers,
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041026/9ff8fe7a/attachment.bin
From rmalayter at bai.org Tue Oct 26 21:51:21 2004
From: rmalayter at bai.org (Ryan Malayter)
Date: Tue Oct 26 21:48:20 2004
Subject: Passphrase entropy (was Re: Symmetric encryption)
Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org>
[Chris De Young]
> I had thought that English has only somewhere around 1.5 bits worth of
> entropy per character. A passphrase certainly could have more than
> that because it's not necessarily real English, uses a wider character
> set, and so on... is that difference really enough? 19.5 8-bit
> characters is 156 bits; that seems (intuitively, which granted can be
> misleading) to be getting closer to real randomness than a passphrase
> would allow. At least, any passphrase that someone could
> remember. :-) It's only 3.5 characters longer than 128 bits, after
> all.
There are 95 "printable" characters on a US keyboard, including the
space character. (We dumb Americans can't deal with those crazy accented
characters.)
95 ~= 2^6.57
So we have 6.57 bits of entropy per character, assuming we select or
characters totally randomly.
128/6.57 ~= 19.48
So we need 19.5 characters to get 128 bits of entropy in our pass
phrase. Since you can't enter half-characters, you really need a 20
character pass phrase.
Any non-randomness you add to the process (using real words, using the
first letters of each word from a sentence, for example) severely
decreases the amount of entropy per character. English prose has about
1.5 bits of entropy per character, which means you'd need an
86-character pass phrase of English text to get 128 bits of entropy.
That's a lot to remember.
Incidentally, the entropy of English text has usually been calculated by
its compressibility. The very best arithmetic compression algorithms
(e.g. PPM) will compress a large body of English text down to about 20%
of its original size. 8 * 0.2 = 1.6, which is why we frequently see the
"1.5 bits per character" entropy number for English.
Regards,
Ryan
From kairaven at arcor.de Tue Oct 26 21:57:28 2004
From: kairaven at arcor.de (Kai Raven)
Date: Tue Oct 26 22:04:13 2004
Subject: sig-keyserver-url with 1.3.91
Message-ID: <20041026215728.6d646467@matrix.localdomain.intern>
Hi,
added sig-keyserver-url hkp://sks.keyserver.penguin.de
in gpg.conf.
Is it right, that i have to add no-force-v3-sigs too, but than no PGP 5
- 7 user can verify my signatures?
Because without no-force-v3-sigs, GnuPG complains
"can't put a preferred keyserver URL into v3 signatures."
With no-force-v3-sigs, the option sig-notation works too, but the
notation doesn't appear with gpg --verify --list-options
show-notations.
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 975 bytes
Desc: not available
Url : /pipermail/attachments/20041026/26ab8b71/attachment.bin
From rmalayter at bai.org Tue Oct 26 21:55:37 2004
From: rmalayter at bai.org (Ryan Malayter)
Date: Tue Oct 26 22:05:26 2004
Subject: Passphrase entropy (was Re: Symmetric encryption)
Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A77@cliff.bai.org>
Here's a link to a very good paper about calculating the entropy of
English text:
http://tinyurl.com/3n6ax
From kairaven at arcor.de Tue Oct 26 22:54:11 2004
From: kairaven at arcor.de (Kai Raven)
Date: Tue Oct 26 22:53:06 2004
Subject: sig-keyserver-url with 1.3.91
In-Reply-To: <20041026215728.6d646467@matrix.localdomain.intern>
References: <20041026215728.6d646467@matrix.localdomain.intern>
Message-ID: <20041026225411.4d381fdc@matrix.localdomain.intern>
Hi,
On Tue, 26 Oct 2004 21:57:28 +0200 you wrote:
> but the
> notation doesn't appear with gpg --verify --list-options
> show-notations.
sorry, i have missed --verify-options.
--
Ciao
Kai
WWW: http://kai.iks-jena.de/
Blog: http://rabenhorst.blogg.de/
GnuPG-Key: 0xD6E995A0
Jabber: kraven@jabber.ccc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 979 bytes
Desc: not available
Url : /pipermail/attachments/20041026/664a2ed6/attachment-0001.bin
From vedaal at hush.com Tue Oct 26 23:53:09 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Tue Oct 26 23:50:44 2004
Subject: Passphrase entropy (was Re: Symmetric encryption)
Message-ID: <200410262153.i9QLr9U2094429@mailserver2.hushmail.com>
>Message: 6
>Date: Tue, 26 Oct 2004 14:51:21 -0500
>From: "Ryan Malayter"
>Subject: RE: Passphrase entropy (was Re: Symmetric encryption)
>To:
>Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org>
>Content-Type: text/plain; charset="us-ascii"
[...]
>So we need 19.5 characters to get 128 bits of entropy in our pass
>phrase. Since you can't enter half-characters, you really need a
>20
>character pass phrase.
>
>Any non-randomness you add to the process (using real words, using
>the
>first letters of each word from a sentence, for example) severely
>decreases the amount of entropy per character. English prose has
>about
>1.5 bits of entropy per character, which means you'd need an
>86-character pass phrase of English text to get 128 bits of entropy.
>That's a lot to remember.
alternatively,
a 10 word diceware passphrase (40 -50 characters)has about the same security
as a 128 bit symmetrical cipher,
and a 20 word diceware passphrase (80 -100 characters),
would correspond to a 256 bit cipher
there are 7776 words in the diceware (english) list
(btw, AGR will gladly post links on his page to anyone who wants to provide
non-english equivalent diceware lists)
estimate this as 8000, or (2^3)(10^3)
and as 2^10 (1024) approx. = (10^3),
so, further approximate this as (2^13),
(2^128) approx. = 2^(13 x 10)
(2^256) approx. = 2^(13 x 20)
the diceware passphrases are random, and not difficult to remember,
(but may be difficult to type accurately from the commandline,
when you can't see what you're typing and where you're holding ;-) )
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From zwon at severodvinsk.ru Tue Oct 26 23:50:00 2004
From: zwon at severodvinsk.ru (Pawel Shajdo)
Date: Tue Oct 26 23:51:53 2004
Subject: Symmetric encryption
In-Reply-To: <6.1.2.0.2.20041026131522.02d17060@localhost>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
<6.1.2.0.2.20041025203923.02d16f38@localhost>
<20041026055905.88507.qmail@suspicious.org>
<6.1.2.0.2.20041026131522.02d17060@localhost>
Message-ID: <20041026215000.GA1410@sky.schizandra.ru>
On Tue, Oct 26, 2004 at 01:24:26PM +0200, Per Tunedal Casual wrote:
> In that case it's important to know how the session key for symmetric
> encryption is derived from the passphrase. If hashing with SHA-1 i used
> that will set the limit to 160 bits.
No. See RFC2440 section 3.6 for description
>
> In that case AES192 would be appropriate - only 32 bits wasted :-). AES256
> or TWOFISH would be ridiculous, wouldn't it?
>
> Per Tunedal
--
Pawel Shajdo
From vedaal at hush.com Tue Oct 26 23:53:09 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 27 00:18:41 2004
Subject: Passphrase entropy (was Re: Symmetric encryption)
Message-ID: <200410262153.i9QLr9U2094429@mailserver2.hushmail.com>
>Message: 6
>Date: Tue, 26 Oct 2004 14:51:21 -0500
>From: "Ryan Malayter"
>Subject: RE: Passphrase entropy (was Re: Symmetric encryption)
>To:
>Message-ID: <792DE28E91F6EA42B4663AE761C41C2A03164A74@cliff.bai.org>
>Content-Type: text/plain; charset="us-ascii"
[...]
>So we need 19.5 characters to get 128 bits of entropy in our pass
>phrase. Since you can't enter half-characters, you really need a
>20
>character pass phrase.
>
>Any non-randomness you add to the process (using real words, using
>the
>first letters of each word from a sentence, for example) severely
>decreases the amount of entropy per character. English prose has
>about
>1.5 bits of entropy per character, which means you'd need an
>86-character pass phrase of English text to get 128 bits of entropy.
>That's a lot to remember.
alternatively,
a 10 word diceware passphrase (40 -50 characters)has about the same security
as a 128 bit symmetrical cipher,
and a 20 word diceware passphrase (80 -100 characters),
would correspond to a 256 bit cipher
there are 7776 words in the diceware (english) list
(btw, AGR will gladly post links on his page to anyone who wants to provide
non-english equivalent diceware lists)
estimate this as 8000, or (2^3)(10^3)
and as 2^10 (1024) approx. = (10^3),
so, further approximate this as (2^13),
(2^128) approx. = 2^(13 x 10)
(2^256) approx. = 2^(13 x 20)
the diceware passphrases are random, and not difficult to remember,
(but may be difficult to type accurately from the commandline,
when you can't see what you're typing and where you're holding ;-) )
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From pt at radvis.nu Wed Oct 27 13:53:43 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Wed Oct 27 13:49:03 2004
Subject: Symmetric encryption
In-Reply-To: <20041026215000.GA1410@sky.schizandra.ru>
References: <6.1.2.0.2.20041024230022.02d16c40@localhost>
<6.1.2.0.2.20041025203923.02d16f38@localhost>
<20041026055905.88507.qmail@suspicious.org>
<6.1.2.0.2.20041026131522.02d17060@localhost>
<20041026215000.GA1410@sky.schizandra.ru>
Message-ID: <6.1.2.0.2.20041027134404.02d171b8@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 23:50 2004-10-26, you wrote:
>On Tue, Oct 26, 2004 at 01:24:26PM +0200, Per Tunedal Casual wrote:
>> In that case it's important to know how the session key for
>> symmetric
>> encryption is derived from the passphrase. If hashing with SHA-1 i
>> used
>> that will set the limit to 160 bits.
>No. See RFC2440 section 3.6 for description
>>
>> In that case AES192 would be appropriate - only 32 bits wasted :-).
>> AES256
>> or TWOFISH would be ridiculous, wouldn't it?
>>
>> Per Tunedal
>
>--
> Pawel Shajdo
>
I read http://sunsite.icm.edu.pl/gnupg/rfc2440-3.html today.
As far as I can understand the key used for symmetric encryption is
derived from the
user supplied passphrase by hashing it (+ salting and maybe iterating
it). Thus the hash sets the limit. I suppose SHA-1 is used. Then we
will have 160 true bits. A key-length of e.g. 256 bits would be
overkill.
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Vad ?r en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBf4wuaDDfzFT+2PIRAoK0AKCQLzMzfvumFr2gIoz9Dp++UD4SJQCdFVP1
3U9N4crA96vw7f06nTPLOhk=
=M1rX
-----END PGP SIGNATURE-----
From sebastian at karotte.org Wed Oct 27 14:03:12 2004
From: sebastian at karotte.org (Sebastian Wiesinger)
Date: Wed Oct 27 13:59:46 2004
Subject: setpref syntax
Message-ID: <20041027120312.GA17300@data.fire-world.de>
Hi,
perhaps I'm blind but is there a way to get a list of *all* the "S1 S2
Z3" etc. keywords mapped to the actual cipher/algo names?
Regards,
Sebastian
--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Wehret den Anfaengen: http://odem.org/informationsfreiheit/
Thunder rolled. ... It rolled a six.
--Terry Pratchett, Guards! Guards!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 283 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041027/069ce71c/attachment.bin
From dshaw at jabberwocky.com Wed Oct 27 14:14:57 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Wed Oct 27 14:12:19 2004
Subject: setpref syntax
In-Reply-To: <20041027120312.GA17300@data.fire-world.de>
References: <20041027120312.GA17300@data.fire-world.de>
Message-ID: <20041027121457.GE16310@jabberwocky.com>
On Wed, Oct 27, 2004 at 02:03:12PM +0200, Sebastian Wiesinger wrote:
> Hi,
>
> perhaps I'm blind but is there a way to get a list of *all* the "S1 S2
> Z3" etc. keywords mapped to the actual cipher/algo names?
gpg -v --version
But note that in 1.4, you don't need to use "S1 S2 Z3" any longer
since it understands "IDEA, 3DES, BZIP2".
David
From sebastian at karotte.org Wed Oct 27 14:28:21 2004
From: sebastian at karotte.org (Sebastian Wiesinger)
Date: Wed Oct 27 14:24:52 2004
Subject: setpref syntax
In-Reply-To: <20041027121457.GE16310@jabberwocky.com>
References: <20041027120312.GA17300@data.fire-world.de>
<20041027121457.GE16310@jabberwocky.com>
Message-ID: <20041027122820.GB17300@data.fire-world.de>
* David Shaw [2004-10-27 14:19]:
> On Wed, Oct 27, 2004 at 02:03:12PM +0200, Sebastian Wiesinger wrote:
> > Hi,
> >
> > perhaps I'm blind but is there a way to get a list of *all* the "S1 S2
> > Z3" etc. keywords mapped to the actual cipher/algo names?
>
> gpg -v --version
Ah ok, I tried gpg --version -v, that didn't work. :)
> But note that in 1.4, you don't need to use "S1 S2 Z3" any longer
> since it understands "IDEA, 3DES, BZIP2".
Great. Thanks for your answers.
Sebastian
--
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Wehret den Anfaengen: http://odem.org/informationsfreiheit/
Thunder rolled. ... It rolled a six.
--Terry Pratchett, Guards! Guards!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 283 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041027/4b2b74bb/attachment.bin
From vedaal at hush.com Wed Oct 27 21:13:47 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 27 21:10:26 2004
Subject: setpref syntax
Message-ID: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com>
Sebastian Wiesinger sebastian at karotte.org wrote:
> Ah ok, I tried gpg --version -v, that didn't work. :)
maybe in 1.4 one -v is enough,
but in 1.3.x it needs verbose twice:
C:\GNUPG>gpg -v -v --version
gpg (GnuPG) 1.3.6
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192
(S8), AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
SHA512 (H10)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2)
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From vedaal at hush.com Wed Oct 27 22:30:49 2004
From: vedaal at hush.com (vedaal@hush.com)
Date: Wed Oct 27 22:27:38 2004
Subject: setpref syntax // my mistake ;-( // one -v enough
Message-ID: <200410272030.i9RKUnwH028559@mailserver2.hushmail.com>
- wrote
>maybe in 1.4 one -v is enough,
>but in 1.3.x it needs verbose twice:
works fine with:
gpg -v --version
must have typed it wrong the first time,
sorry,
vedaal
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
From hmujtaba at forumsys.com Thu Oct 28 00:18:06 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Thu Oct 28 00:15:16 2004
Subject: PGP5 and v4 GPG keys
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com>
Hello,
I read in an old GPG archives message (dated 2000) that PGP5.x cannot
encrypt a message using a GPG v4 public key. RFC2440 says something
about PGP5 not being able to properly encrypt to RSA v4 keys. Are these
two issues related?
Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4
keys?
Thanks
Hasnain.
----
The information contained in this electronic mail and any attached
document is the confidential and proprietary business information of
Forum Systems, Inc. It is intended solely for the addressed recipient
listed above. It may not be distributed in any manner without the
express written consent of Forum Systems, Inc.
From dshaw at jabberwocky.com Thu Oct 28 00:33:51 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Oct 28 00:31:12 2004
Subject: PGP5 and v4 GPG keys
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D67B3BD@bstn-exch1.forumsys.com>
Message-ID: <20041027223351.GA18931@jabberwocky.com>
On Wed, Oct 27, 2004 at 06:18:06PM -0400, Hasnain Mujtaba wrote:
> Hello,
>
> I read in an old GPG archives message (dated 2000) that PGP5.x cannot
> encrypt a message using a GPG v4 public key. RFC2440 says something
> about PGP5 not being able to properly encrypt to RSA v4 keys. Are these
> two issues related?
>
> Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4
> keys?
PGP 5 predates OpenPGP, and as such is not OpenPGP compatible. GnuPG
is OpenPGP. It's a miracle they communicate at all.
David
From hmujtaba at forumsys.com Thu Oct 28 02:24:25 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Thu Oct 28 02:21:34 2004
Subject: PGP5 and v4 GPG keys
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com>
Thanks for the response David. I am having some problems with v4 RSA
keys. I have an RSA keypair generated by an open source tool. I can load
it into GPG 1.2.4 using the command: gpg --allow-secret-key-import
--import. I can then use GPG to encrypt a file using the keypair. But
when I give GPG the encrypted file to decrypt, I see the following
message:
gpg: public key decryption failed: wrong secret key used
gpg: decryption failed: secret key not available.
The key pair is attached. The password is password. Would it be possible
for you to run an encrypt/decrypt test with this keypair to see if you
can reproduce this error?
Thanks much.
Hasnain.
-----Original Message-----
From: gnupg-users-bounces@gnupg.org
[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw
Sent: Wednesday, October 27, 2004 6:34 PM
To: gnupg-users@gnupg.org
Subject: Re: PGP5 and v4 GPG keys
On Wed, Oct 27, 2004 at 06:18:06PM -0400, Hasnain Mujtaba wrote:
> Hello,
>
> I read in an old GPG archives message (dated 2000) that PGP5.x cannot
> encrypt a message using a GPG v4 public key. RFC2440 says something
> about PGP5 not being able to properly encrypt to RSA v4 keys. Are
these
> two issues related?
>
> Can anyone shed light on this problem. Why is PGP 5 picky about RSA v4
> keys?
PGP 5 predates OpenPGP, and as such is not OpenPGP compatible. GnuPG
is OpenPGP. It's a miracle they communicate at all.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RSA-3-3-36.asc
Type: application/octet-stream
Size: 3002 bytes
Desc: RSA-3-3-36.asc
Url : /pipermail/attachments/20041027/62a3cd3a/RSA-3-3-36.exe
From dshaw at jabberwocky.com Thu Oct 28 04:31:50 2004
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu Oct 28 04:29:11 2004
Subject: PGP5 and v4 GPG keys
In-Reply-To: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com>
References: <4DCE15B9C4E66F4CA967EBF64C53D64D19043E@bstn-exch1.forumsys.com>
Message-ID: <20041028023150.GB21155@jabberwocky.com>
On Wed, Oct 27, 2004 at 08:24:25PM -0400, Hasnain Mujtaba wrote:
> Thanks for the response David. I am having some problems with v4 RSA
> keys. I have an RSA keypair generated by an open source tool. I can load
> it into GPG 1.2.4 using the command: gpg --allow-secret-key-import
> --import. I can then use GPG to encrypt a file using the keypair. But
> when I give GPG the encrypted file to decrypt, I see the following
> message:
>
> gpg: public key decryption failed: wrong secret key used
> gpg: decryption failed: secret key not available.
>
> The key pair is attached. The password is password. Would it be possible
> for you to run an encrypt/decrypt test with this keypair to see if you
> can reproduce this error?
That key is broken. As a guess, it seems that the private half is not
really the private half for the public key. Corrupt, perhaps.
David
From wk at gnupg.org Thu Oct 28 12:42:14 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 28 13:12:09 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
Message-ID: <873bzzdszd.fsf@wheatstone.g10code.de>
Skipped content of type multipart/signed-------------- next part --------------
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From wk at gnupg.org Thu Oct 28 14:30:58 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 28 14:43:31 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
Message-ID: <87d5z3c9dp.fsf@wheatstone.g10code.de>
[Obviously Mailman broke the PGP/MIME signature again. Therefore I see
no other way than to repost it using the plain old clear sign format]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello!
The latest release from the development branch of GnuPG is ready for
public consumption. This is a branch to create what will extremely
soon become the new stable release of GnuPG 1.4.
We strongly encourage people to try this development release and
report any feedback or problems to gnupg-devel@gnupg.org. If you have
been waiting until the 1.4 release is imminent before trying the code,
that time is now.
The files are available from:
Gzipped:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz (3.8M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig
Bzip2ed:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2 (2.6M)
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.bz2.sig
or as a patch against the 1.3.91 source:
ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92-1.3.92.diff.gz (602k)
MD5 checksums for the files are:
285789af00856a12354fd3d967cf61b4 gnupg-1.3.92.tar.gz
bc9ee1f97d22dc727a00dfbfe2ebbf5e gnupg-1.3.92.tar.bz2
4ea581339dcf46cd8c21d928d4f9b759 gnupg-1.3.91-1.3.92.diff.gz
SHA1 checksums for the files are:
e03bb8d584fcf6c2a4567027012ce8012d6f85ec gnupg-1.3.92.tar.gz
e208f9db3fcab4b0c9afc089b6eff49a739289dc gnupg-1.3.92.tar.bz2
620f045f49d02f210edb95e3f2c6f9a42b72632c gnupg-1.3.91-1.3.92.diff.gz
A compiled version for MS Windows is available:
ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip (1.5M)
ftp://ftp.gnupg.org/gcrypt/alpha/binary/gnupg-w32cli-1.3.92.zip.sig
For proper internationalization you should have the GNU iconv.dll
installed. For convenience we make this DLL available at:
ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip (644k)
ftp://ftp.gnupg.org/gcrypt/binary/libiconv-1.9.1.dll.zip.sig
MD5 checksums for the files are:
a5967c5b466e7fb3cf176a30623f55bd gnupg-w32cli-1.3.92.zip
f3582d28862c539d2f655ade5e141f2f libiconv-1.9.1.dll.zip
Noteworthy changes in version 1.3.92 (2004-10-28)
- -------------------------------------------------
* Added Russian man page. Thanks to Pawel I. Shajdo.
* libiconv is now used to support other character sets other than
UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work
correctly when iconv.dll is installed on the system. A binary
version is available at all GNU mirror sites under libiconv.
* gettext for Windows has been simplified. The MO files are now
distributed UTF-8 encoded and gpg translates on the fly.
Enjoy!
The GnuPG team (David, Stefan, Timo and Werner)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (GNU/Linux)
iEYEARECAAYFAkGA5cYACgkQYHhOlAEKV+3tHACfVCC7nAQBcaFseqI/F5onSnDT
wccAn0RofBK6+v2cDHt3NrL6iojgaY5+
=OtpX
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-announce mailing list
Gnupg-announce@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
From zuxy.meng at gmail.com Thu Oct 28 18:29:53 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Thu Oct 28 18:26:59 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: <87d5z3c9dp.fsf@wheatstone.g10code.de>
References: <87d5z3c9dp.fsf@wheatstone.g10code.de>
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Bravo! Many many thanks on behalf of CJK users!
On Thu, 28 Oct 2004 14:30:58 +0200, Werner Koch wrote:
>
> Noteworthy changes in version 1.3.92 (2004-10-28)
> - -------------------------------------------------
>
> * Added Russian man page. Thanks to Pawel I. Shajdo.
>
> * libiconv is now used to support other character sets other than
> UTF-8, Latin-1,-2 and KOI8-2. The W32 version will only work
> correctly when iconv.dll is installed on the system. A binary
> version is available at all GNU mirror sites under libiconv.
>
> * gettext for Windows has been simplified. The MO files are now
> distributed UTF-8 encoded and gpg translates on the fly.
>
> Enjoy!
BTW: Why not add BZIP support to Win32 binaries?
- --
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (MingW32)
iGMEAREDACMFAkGBHlUFgwB2pwAWGGhrcDovL3N1YmtleXMucGdwLm5ldAAKCRDv
AMJ46FVe1t5CAJ0RYba+FzIhaOF4tbTankn0h4/xxACfcgbLshKxh/KNnhE0Aeyp
450S3Dc=
=y2FM
-----END PGP SIGNATURE-----
From zuxy.meng at gmail.com Thu Oct 28 19:15:26 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Thu Oct 28 19:12:26 2004
Subject: [Announce] GnuPG 1.3.91 released (development)
In-Reply-To: <20041024010844.81863.qmail@web52509.mail.yahoo.com>
References:
<20041024010844.81863.qmail@web52509.mail.yahoo.com>
Message-ID:
On Sat, 23 Oct 2004 18:08:44 -0700 (PDT), Servie Platon
wrote:
> Hi Zuky,
>
> Thank you for the suggestion earlier.
>
> I have extracted the the gnupg binaries into the
> folder and it worked! This means I don't have to go
> through the second option in the first place. Thanks a
> lot!
Now, you can try the official Win32 build of 1.3.92.
> However, I still have another problem. Is there a way
> to automatically sign all outgoing email messages with
> my public keys using mozilla thunderbird for my work
> email: servie@admar-group.com and personal email:
> servie_tech@yahoo.com?
I'm sorry but under Linux I use Evolution only, simply because it can
handle everything include what you want here.:-)
> I have read and searched in google that to do this, we
> need to make a signature file and configure
> thunderbird or yahoo to open that file whenever you
> make new mail messages, we get a signed email?
No, definitely not in this way. A common signature tailing the body is
different from a digital signature generated by GnuPG.
> Is this the only way to do this? Any thoughts on this
> from you or from anyone else in this group would
> definitely be appreciated.
I guess you'll need a plugin called Enigmail. Refer to this page:
http://www.bretschneidernet.de/tips/secmua.html
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From cwheat at azumano.com Thu Oct 28 19:58:54 2004
From: cwheat at azumano.com (Chris Wheat)
Date: Thu Oct 28 19:55:54 2004
Subject: Cipher Strenth
Message-ID:
Hello,
How can you determine the cipher strengh of the file encrypted by gnupg?
(56, 128, 256)
I am trying to figure out how secure the message I encrypt really are.
Many Thanks,
Chris Wheat
From atom at suspicious.org Thu Oct 28 20:09:53 2004
From: atom at suspicious.org (Atom 'Smasher')
Date: Thu Oct 28 20:06:55 2004
Subject: Cipher Strenth
In-Reply-To:
References:
Message-ID: <20041028181008.73472.qmail@suspicious.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, 28 Oct 2004, Chris Wheat wrote:
> How can you determine the cipher strengh of the file encrypted by gnupg?
> (56, 128, 256)
>
> I am trying to figure out how secure the message I encrypt really are.
=============
use "-v" or "--verbose" and you'll see the ciphers used for d/encryption.
gpg uses symmetric ciphers with keys between 128-256 bit. there's a table
"Symmetric Key" that covers what ciphers use what size keys
.
- --
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"If the [Foreign Corrupt Practices] Law were applied to the
president and the political parties, they'd all be sitting
in the cooler."
-- Raymond Plank, president Apache Corp.,
noting that an annual questionnaire he signs under
that law requires him to attest that his company doesn't
bribe foreign officials for business
(USA Today, 10/26/1998)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBgTX2AAoJEAx/d+cTpVcim3oIAJ8aXaJ0xhB8Ho3BI9jbSPO9
R4jtRd1e3GzE96msj+wy8wqZRQWadXfbssO1ze5EDHnfYiPx/7et5hIEspH/1f1n
R9LuZ99JAC2lERTscOkKmz82E5rx0g8yoISeCx7NFieGKg7nA0d/gHKvYEgu5vqk
hgdXM8fLEHbEPxNkEcakIEcYyiXFSzGWbDkcAx/66QBHKfFi5IMHTU+sF/VS0e5V
5ewGTrtPAPqiFhPhKhpq1T/ml/pkelWVhCyRfV+YCgV+VhVGGcWX3/29Cuo+f0IE
3CZglN5M8JO+rOfUHgNPoYV/T/R9KszNSohQYPiT31NQhpaHzeEywAwn/kFH0Kw=
=lJLq
-----END PGP SIGNATURE-----
From wk at gnupg.org Thu Oct 28 20:53:43 2004
From: wk at gnupg.org (Werner Koch)
Date: Thu Oct 28 20:54:45 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: (zuxy.meng@gmail.com's
message of "Fri, 29 Oct 2004 00:29:53 +0800")
References: <87d5z3c9dp.fsf@wheatstone.g10code.de>
Message-ID: <87u0se8yiw.fsf@wheatstone.g10code.de>
On Fri, 29 Oct 2004 00:29:53 +0800, Zuxy said:
> BTW: Why not add BZIP support to Win32 binaries?
I don't wnat to add bzip to the source and thus we would rely to have
a bzip librart on Windows installed. Using dynamic linking seems to
be overkill for that feature.
Werner
From johanw at vulcan.xs4all.nl Thu Oct 28 21:41:43 2004
From: johanw at vulcan.xs4all.nl (Johan Wevers)
Date: Thu Oct 28 21:38:11 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: <87d5z3c9dp.fsf@wheatstone.g10code.de> from Werner Koch at "Oct
28, 2004 02:30:58 pm"
Message-ID: <200410281941.VAA11602@vulcan.xs4all.nl>
Werner Koch wrote:
>[Obviously Mailman broke the PGP/MIME signature again. Therefore I see
> no other way than to repost it using the plain old clear sign format]
I'm glad to see it's still not deprecated enough. :-) (One of the changes
I make in the code is to add IDEA to the list of algorithms that gnupg
doesn't complain about being deprecated).
>The latest release from the development branch of GnuPG is ready for
>public consumption.
Built OK on Slackware 3.3 / libc5. All tests were passed, and my extra
pgp 2.6 compatibility tests were passed too.
>This is a branch to create what will extremely
>soon become the new stable release of GnuPG 1.4.
Is "extremely soon" a matter of days, weeks or months?
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
From shavital at mac.com Thu Oct 28 23:10:51 2004
From: shavital at mac.com (Charly Avital)
Date: Thu Oct 28 23:07:51 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: <873bzzdszd.fsf@wheatstone.g10code.de>
References: <873bzzdszd.fsf@wheatstone.g10code.de>
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Compiled under Mac OS X 10.3.5, Darwin 7.5.0, CPU Type: PowerPC G4
(1.1)., including idea.c.
Thanks for your work.
Charly
On Oct 28, 2004, at 6:42 AM, Werner Koch wrote:
> Hello!
>
> The latest release from the development branch of GnuPG is ready for
> public consumption. This is a branch to create what will extremely
> soon become the new stable release of GnuPG 1.4.
>
> We strongly encourage people to try this development release and
> report any feedback or problems to gnupg-devel@gnupg.org. If you have
> been waiting until the 1.4 release is imminent before trying the code,
> that time is now.
>
>
> The files are available from:
>
> Gzipped:
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz
> (3.8M)
> ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.3.92.tar.gz.sig
> [...]
> Enjoy!
>
> The GnuPG team (David, Stefan, Timo and Werner)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (Darwin)
iD8DBQFBgWBn8SG5rMkbCF4RAiz8AJ4uI5QVftIAb4kk2pp13qxcfl2t2ACeKm+s
dTzSUDBqL15SzW5nk9M2dmo=
=6aqd
-----END PGP SIGNATURE-----
From shavital at mac.com Thu Oct 28 23:16:27 2004
From: shavital at mac.com (Charly Avital)
Date: Thu Oct 28 23:13:27 2004
Subject: setpref syntax
In-Reply-To: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com>
References: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com>
Message-ID:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In 1.3.91 and 1.3.92 (which are in fact 1.4), one -v (or --verbose) is
enough.
Charly
On Oct 27, 2004, at 3:13 PM, vedaal@hush.com wrote:
> Sebastian Wiesinger sebastian at karotte.org wrote:
>
>> Ah ok, I tried gpg --version -v, that didn't work. :)
>
> maybe in 1.4 one -v is enough,
> but in 1.3.x it needs verbose twice:
>
> C:\GNUPG>gpg -v -v --version
> gpg (GnuPG) 1.3.6
> [...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (Darwin)
iD8DBQFBgWG48SG5rMkbCF4RAmDoAJ4gjTpHwQnnUo3jYvaA016ZYZapWgCfYFOH
BodujdxHb/ccx9eMwkkBWlQ=
=WOMq
-----END PGP SIGNATURE-----
From DougB at DougBarton.net Fri Oct 29 06:51:52 2004
From: DougB at DougBarton.net (Doug Barton)
Date: Fri Oct 29 06:49:05 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: <200410281941.VAA11602@vulcan.xs4all.nl>
References: <200410281941.VAA11602@vulcan.xs4all.nl>
Message-ID: <4181CC68.7070605@DougBarton.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Compiles fine on FreeBSD 4.10-Stable and 6-current, and passes all 25
tests.
HTH,
Doug
- --
If you're never wrong, you're not trying hard enough
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFBgcxnyIakK9Wy8PsRAvyeAJ9Q0Wc0t84mPXkODXhOysHfau/7pQCeL1o8
VWcCPHg7BzwFZPipDQ2/g7s=
=vzf3
-----END PGP SIGNATURE-----
From pt at radvis.nu Fri Oct 29 13:17:24 2004
From: pt at radvis.nu (Per Tunedal Casual)
Date: Fri Oct 29 13:12:21 2004
Subject: setpref syntax
In-Reply-To:
References: <200410271913.i9RJDm0d003861@mailserver2.hushmail.com>
Message-ID: <6.1.2.0.2.20041029131506.038ced60@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 23:16 2004-10-28, you wrote:
>>> Ah ok, I tried gpg --version -v, that didn't work. :)
>>
>> maybe in 1.4 one -v is enough,
>> but in 1.3.x it needs verbose twice:
>>
>> C:\GNUPG>gpg -v -v --version
>> gpg (GnuPG) 1.3.6
>> [...]
>
I mistyped: gpg -v -version (one hyphen) and gpg tried to encrypt to an
unknown key!
version: 1.2.5
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32) - GPGrelay v0.955
Comment: Vad är en PGP-signatur? www.clipanish.com/PGP/pgp.html
iD8DBQFBgibbaDDfzFT+2PIRAm0BAJ9eBvPC/VUvySyoTPlNmWAtr2x+DACfba6i
t/EfiCesaX2nOOxGrXTlftc=
=YApa
-----END PGP SIGNATURE-----
From wk at gnupg.org Fri Oct 29 07:35:12 2004
From: wk at gnupg.org (Werner Koch)
Date: Fri Oct 29 19:14:55 2004
Subject: [Announce] GnuPG 1.3.92 released (development)
In-Reply-To: <200410281941.VAA11602@vulcan.xs4all.nl> (Johan Wevers's
message of "Thu, 28 Oct 2004 21:41:43 +0200 (MET DST)")
References: <200410281941.VAA11602@vulcan.xs4all.nl>
Message-ID: <87654u9je7.fsf@wheatstone.g10code.de>
On Thu, 28 Oct 2004 21:41:43 +0200 (MET DST), Johan Wevers said:
> Is "extremely soon" a matter of days, weeks or months?
I depends on how many bug reports we get and how fast the translation
folks can come up with updated translations. So a few weeks seems to
be realistic.
Werner
From hmujtaba at forumsys.com Fri Oct 29 19:41:18 2004
From: hmujtaba at forumsys.com (Hasnain Mujtaba)
Date: Fri Oct 29 19:38:26 2004
Subject: PGP5 and v4 GPG keys
Message-ID: <4DCE15B9C4E66F4CA967EBF64C53D64D190444@bstn-exch1.forumsys.com>
Thank you for verifying this for me. Appreciate it!
-----Original Message-----
From: gnupg-users-bounces@gnupg.org
[mailto:gnupg-users-bounces@gnupg.org] On Behalf Of David Shaw
Sent: Wednesday, October 27, 2004 10:32 PM
To: gnupg-users@gnupg.org
Subject: Re: PGP5 and v4 GPG keys
On Wed, Oct 27, 2004 at 08:24:25PM -0400, Hasnain Mujtaba wrote:
> Thanks for the response David. I am having some problems with v4 RSA
> keys. I have an RSA keypair generated by an open source tool. I can
load
> it into GPG 1.2.4 using the command: gpg --allow-secret-key-import
> --import. I can then use GPG to encrypt a file using the keypair. But
> when I give GPG the encrypted file to decrypt, I see the following
> message:
>
> gpg: public key decryption failed: wrong secret key used
> gpg: decryption failed: secret key not available.
>
> The key pair is attached. The password is password. Would it be
possible
> for you to run an encrypt/decrypt test with this keypair to see if you
> can reproduce this error?
That key is broken. As a guess, it seems that the private half is not
really the private half for the public key. Corrupt, perhaps.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
From johnmoore3rd at joimail.com Sat Oct 30 04:39:55 2004
From: johnmoore3rd at joimail.com (JOHN MOORE)
Date: Sat Oct 30 04:36:26 2004
Subject: iconv.dll ??
Message-ID: <4182FEFB.50401@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Having downloaded the tar.gz file for 1.3.92, will I also need to
download and install the iconv.dll prior to compiling/installing?
If so, would someone please be kind enough to provide the download link?
I would also appreciate the link to subscribe to gnupg-announce.
Thanks, JOHN :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBgv7xnCmZhrerneURAuTmAJ9VlcgFPMJHMYo+cumNDmCLf6KSsACeMc8J
PTagEduCRFviSyoghn9uDIU=
=l6hd
-----END PGP SIGNATURE-----
From JPClizbe at comcast.net Sat Oct 30 06:53:39 2004
From: JPClizbe at comcast.net (John Clizbe)
Date: Sat Oct 30 06:50:44 2004
Subject: iconv.dll ??
In-Reply-To: <4182FEFB.50401@joimail.com>
References: <4182FEFB.50401@joimail.com>
Message-ID: <41831E53.3060205@comcast.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
JOHN MOORE wrote:
> Having downloaded the tar.gz file for 1.3.92, will I also need to
> download and install the iconv.dll prior to compiling/installing?
>
> If so, would someone please be kind enough to provide the download link?
> I would also appreciate the link to subscribe to gnupg-announce.
>
> Thanks, JOHN :)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
- ---------
gnupg-announce:
http://lists.gnupg.org/mailman/listinfo/gnupg-announce
Yes, iconv.dll is needed. The best (as in "easiest to install") place to
get it from is the gettext project on SourceForge:
http://prdownloads.sourceforge.net/gettext/libiconv-1.9.1.bin.woe32.zip?download
Open the ZIP wih WinZIP (or other archiver) and extract iconv.dll to your
GnuPG binary directory.
- --
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Our enemies are innovative and resourceful, and so are we. They
never stop thinking about new ways to harm our country and our people,
and neither do we." - Dumbya explaining his administration 5-Aug-2004
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.93-cvs (Windows 2000 SP4)
Comment: When cryptography is outlawed, b25seSBvdXRsYXdzIHdpbGwgdXNlIG
Comment: Annoy John Asscraft -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBgx5SHQSsSmCNKhARAifoAKDK/3JCCAxUAzoQLOkZONLCrSsM2QCdGRCr
VazXYNEw+hN1B3WUS2c7PS4=
=tQbp
-----END PGP SIGNATURE-----
From zuxy.meng at gmail.com Sat Oct 30 07:49:08 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sat Oct 30 07:45:45 2004
Subject: When to lock page under WinNT?
In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de>
References:
<87vfd4dmfk.fsf@wheatstone.g10code.de>
Message-ID:
On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote:
> No, it won't appear in GnuPG unless there is a portable and working
> way of doing so.
>
Hmm, maybe you would be interested in the 'gnuwin32' project where
they've provided a subset of glibc under Win32?
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From johnmoore3rd at joimail.com Sat Oct 30 23:37:38 2004
From: johnmoore3rd at joimail.com (JOHN MOORE)
Date: Sat Oct 30 23:34:40 2004
Subject: iconv.dll redux
Message-ID: <418409A2.1000508@joimail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I do appreciate the reply from JOHN....but when I downloaded the gzipped
file it is to install into a Knoppix Linux partition to be use in
conjunction with T-Bird/Enigmail and GPA as Key Manager. Does the
gzipped download have the iconv.dll or does it need to be added prior to
.'configure, make, make install, make clean? If I do need to add it,
can I use the same .dll in the WinZip download? If I require another,
where?
Thanks, JOHN :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBhAmZnCmZhrerneURAik8AJ4jFZwvUvc4W/o8XdB53Z9rDVtx8QCePoiv
+L4XqFmzP3R81KwfKer7NQ4=
=t71V
-----END PGP SIGNATURE-----
From linux at codehelp.co.uk Sun Oct 31 09:12:24 2004
From: linux at codehelp.co.uk (Neil Williams)
Date: Sun Oct 31 09:08:54 2004
Subject: iconv.dll redux
In-Reply-To: <418409A2.1000508@joimail.com>
References: <418409A2.1000508@joimail.com>
Message-ID: <200410310812.28601.linux@codehelp.co.uk>
On Saturday 30 October 2004 10:37 pm, JOHN MOORE wrote:
> I do appreciate the reply from JOHN....but when I downloaded the gzipped
> file it is to install into a Knoppix Linux partition
.dll files are only for Windows. You don't need iconv.dll for GNU/Linux.
> to be use in
> conjunction with T-Bird/Enigmail and GPA as Key Manager. Does the
> gzipped download have the iconv.dll
No, not needed.
> or does it need to be added prior to
> .'configure, make, make install, make clean?
What error in the ./configure make make install caused you to think that this
file was needed?
Remember:
$ ./configure
(the dot and slash are required)
$ make
$ su
# make install
> If I do need to add it,
> can I use the same .dll in the WinZip download?
Binary files from one operating system are not compatible with binaries from
another.
If this is Knoppix, why not use apt?
As root,
# apt-get install gnupg gpa mozilla-thunderbird mozilla-thunderbird-enigmail
There's no need to compile any of these unless you want the absolute latest
versions. If you learn a bit more about Knoppix and Debian, you can switch to
the testing version of Debian and get the current releases. Default 'stable'
might be a little old.
www.debian.org
www.knoppix.net
http://www.eleli.de/knoppix/docs/tutorial
http://www.debian.org/doc/manuals/apt-howto/ch-novas.en.html
http://www.debian.org/doc/manuals/apt-howto/ch1.en.html
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20041031/b86978e3/attachment.bin
From servie_tech at yahoo.com Sun Oct 31 15:43:40 2004
From: servie_tech at yahoo.com (Servie Platon)
Date: Sun Oct 31 15:40:46 2004
Subject: gpg: error loading `iconv.dll': ec=126
Message-ID: <20041031144340.32514.qmail@web52504.mail.yahoo.com>
Hi folks,
What does this error mean?
C:\Documents and Settings\servie>gpg --version
gpg: error loading `iconv.dll': ec=126
gpg (GnuPG) 1.3.92
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT
be
used in a production environment or with production
keys!
Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to
redistribute it
under certain conditions. See the file COPYING for
details.
Home: C:/Documents and Settings/Servie/Application
Data/GnuPG
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
Compression: Uncompressed, ZIP, ZLIB
C:\Documents and Settings\servie>gpg --gen-key
gpg: error loading `iconv.dll': ec=126
Does this mean that when I extracted the
gnupg-w32cli-1.3.92.zip from the gnupg site, it did
not or have somehow corrupted iconv.dll?
I followed the instructions on
http://enigmail.mozdev.org/gpgconf.html, installed
first v. 1.2.5 and it worked and then when I upgraded
to v. 1.3.92 this is where it all began.
Any thoughts on this would be highly appreciated.
Thanks in advance.
Sincerely,
Servie
=====
Sincerely,
Servie Platon
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
From zuxy.meng at gmail.com Sun Oct 31 16:48:10 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sun Oct 31 16:44:45 2004
Subject: When to lock page under WinNT?
In-Reply-To: <87vfd4dmfk.fsf@wheatstone.g10code.de>
References:
<87vfd4dmfk.fsf@wheatstone.g10code.de>
Message-ID:
On Thu, 21 Oct 2004 19:13:19 +0200, Werner Koch wrote:
> No, it won't appear in GnuPG unless there is a portable and working
> way of doing so.
>
Take a look at these two pieces of code, grabbed from 'gnuwin32'
int
mlock (const void *addr, size_t len)
{
if (IsWin9x())
{
__set_errno(ENOSYS);
return -1;
}
if (!VirtualLock (addr, len)) {
set_werrno;
return -1;
}
return 0;
}
DWORD
getgranularity (void)
{
if (!granularity) {
SYSTEM_INFO si;
GetSystemInfo (&si);
granularity = si.dwAllocationGranularity;
}
return granularity;
}
__ptr_t
__mmap64 (__ptr_t addr, size_t len, int prot, int flags, int fd,
__off64_t offset)
{
__ptr_t map = (__ptr_t) NULL;
caddr_t gran_addr = (caddr_t) addr;
HANDLE handle = INVALID_HANDLE_VALUE;
DWORD cfm_flags = 0, mvf_flags = 0, sysgran = getgranularity ();
__off64_t gran_offset = flags & MAP_ANON ? 0 :offset, filelen = flags
& MAP_ANON ? len : _filelengthi64(fd);
int mmlen = len;
switch (prot) {
case PROT_READ | PROT_WRITE | PROT_EXEC:
case PROT_WRITE | PROT_EXEC:
cfm_flags = PAGE_EXECUTE_READWRITE;
mvf_flags = FILE_MAP_ALL_ACCESS;
break;
case PROT_READ | PROT_WRITE:
cfm_flags = PAGE_READWRITE;
mvf_flags = FILE_MAP_ALL_ACCESS;
break;
case PROT_WRITE:
cfm_flags = PAGE_READWRITE;
mvf_flags = FILE_MAP_WRITE;
break;
case PROT_READ:
cfm_flags = PAGE_READONLY;
mvf_flags = FILE_MAP_READ;
break;
case PROT_NONE:
cfm_flags = PAGE_NOACCESS;
mvf_flags = FILE_MAP_READ;
break;
case PROT_EXEC:
cfm_flags = PAGE_EXECUTE;
mvf_flags = FILE_MAP_READ;
break;
}
if (flags & MAP_PRIVATE) {
if (IsWin9x ())
cfm_flags = PAGE_WRITECOPY;
mvf_flags = FILE_MAP_COPY;
}
// fprintf (stderr, "Addr before: %p\n", gran_addr);
// fprintf (stderr, "Offset before: %#I64X\n", gran_offset);
if (flags & MAP_FIXED) {
gran_offset = offset;
gran_addr = addr;
}
else {
gran_offset = offset & ~(sysgran - 1);
gran_addr = (caddr_t) (((DWORD) gran_addr / sysgran) * sysgran);
}
// fprintf (stderr, "Addr after: %p\n", gran_addr);
// fprintf (stderr, "Offset after: %#I64X\n", gran_offset);
mmlen = (filelen < gran_offset + len ? filelen - gran_offset : len);
handle = CreateFileMapping (flags & MAP_ANON ? INVALID_HANDLE_VALUE :
(HANDLE) _get_osfhandle(fd),
NULL,
cfm_flags,
0, mmlen, NULL);
if (!handle) {
set_werrno;
// WinErr ("CreateFileMapping");
return MAP_FAILED;
}
map = (__ptr_t) MapViewOfFileEx (handle, mvf_flags, HIDWORD(gran_offset),
LODWORD(gran_offset), (SIZE_T) mmlen, (LPVOID) gran_addr);
if (map == NULL && (flags & MAP_FIXED) ) {
// fprintf (stderr, "Starting address: %p\n", (LPVOID) gran_addr);
// WinErr ("First try of MapViewOfFileEx failed");
map = (__ptr_t) MapViewOfFileEx (handle, mvf_flags, HIDWORD(gran_offset),
LODWORD(gran_offset), (SIZE_T) mmlen, (LPVOID) NULL);
}
CloseHandle(handle);
if (map == NULL) {
set_werrno;
// WinErr ("MapViewOfFileEx");
return MAP_FAILED;
}
return map;
}
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From barry at bpuk.net Sun Oct 31 17:01:58 2004
From: barry at bpuk.net (Barry Porter)
Date: Sun Oct 31 16:59:19 2004
Subject: gpg: error loading `iconv.dll': ec=126
In-Reply-To: <20041031144340.32514.qmail@web52504.mail.yahoo.com>
References: <20041031144340.32514.qmail@web52504.mail.yahoo.com>
Message-ID: <41850C76.2000608@bpuk.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Servie Platon wrote:
> I followed the instructions on
> http://enigmail.mozdev.org/gpgconf.html, installed
> first v. 1.2.5 and it worked and then when I upgraded
> to v. 1.3.92 this is where it all began.
There are no v1.3.92 binaries for Windows on the GnuPG site so you must
have got it from somewhere else.
John Clizbe wrote on the list yesterday:
[quote]
iconv.dll is needed. The best (as in "easiest to install") place to
get it from is the gettext project on SourceForge:
http://prdownloads.sourceforge.net/gettext/libiconv-1.9.1.bin.woe32.zip?download
Open the ZIP with WinZIP (or other archiver) and extract iconv.dll to
your GnuPG binary directory.
[/quote]
I dropped iconv.dll into my Windows/System32 folder so that it is
available to all applications and it works fine for me there.
- --
Regards
Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.92 (Windows XP Pro SP2)
Comment: Public Key: http://bpuk.net/openpgpkey1.html
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBhQx13wKVPLs2unURAsPpAJ467ZgxibPNl7wY1uDfp3NBfsToCACfR/JC
a3bIB+anJQlMpZaEXtMiKqk=
=/OJN
-----END PGP SIGNATURE-----
From zuxy.meng at gmail.com Sun Oct 31 17:14:11 2004
From: zuxy.meng at gmail.com (Zuxy)
Date: Sun Oct 31 17:17:24 2004
Subject: gpg: error loading `iconv.dll': ec=126
In-Reply-To: <20041031144340.32514.qmail@web52504.mail.yahoo.com>
References: <20041031144340.32514.qmail@web52504.mail.yahoo.com>
Message-ID:
If gpg returns Windows error code then 126 means "Module not found",
so make sure your iconv.dll lies in the proper place i.e. the same
folder as gpg or %systemdir% (c:\windows\system32?).
On Sun, 31 Oct 2004 06:43:40 -0800 (PST), Servie Platon
wrote:
> Hi folks,
>
> What does this error mean?
>
--
Zuxy
Beauty is truth,
While truth is beauty.
PGP KeyID: E8555ED6
From lists at kcoates.com Sun Oct 31 18:42:42 2004
From: lists at kcoates.com (Kevin Coates)
Date: Sun Oct 31 18:40:16 2004
Subject: v1.3.92 problems with The Bat!
Message-ID: <1219179547.20041031124242@nospam.kcoates.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello GnuPG-Users,
I installed v1.3.92 and placed the required iconv.dll in the Windows
/System32 folder.
Attempts to verify sigs using The Bat! e-mail client yield this error:
gpg: conversion from `utf-8' to `CP0' not available
I do not see this using GPGrelay or GPGShell. Previous versions of GPG
work fine with The Bat!. I don't understand what this error message
means. Can someone provide me with some information?
Thanks.
- --
Kevin Coates
Dewitt, NY USA
________________________________________________________________
(see kludges for my pgp key)
-----BEGIN PGP SIGNATURE-----
iD8DBQFBhSPxvZSrVDqOXK0RAr5QAJ4khXe4UZvcvItcSI3jZv6oRoKTRACg48Ri
kH9b30Wwyr3wPfJkMdnIyRY=
=Zt0P
-----END PGP SIGNATURE-----